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Preface 



Computer Aided Systems Theory (CAST) deals with the task of contributing 
to the creation and implementation of tools for the support of usual CAD tools 
for design and simulation by formal mathematical or logical means in modeling. 
Naturally, the basis for the construction and implementation of CAST software is 
provided by the existing current knowledge in modeling and by the experience of 
practitioners in engineering design. Systems Theory, as seen from the viewpoint 
of CAST research and CAST tool development, has the role of providing formal 
frameworks and related theoretical knowledge for model-construction and model 
analysis. We purposely do not distinguish sharply between systems theory and 
CAST and other similar fields of research and tool development such as for 
example in applied numerical analysis or other computational sciences. 

The here documented EUROCAST conference which took place at the Vienna 
University of Technology reflects current mainstreams in CAST. As in the pre- 
vious conferences new topics, both theoretical and application oriented, have 
been addressed. 

The presented papers show that the field is widespread and that new de- 
velopments in computer science and in information technology are the driving 
forces. 

The editors would like to thank the authors for providing their manuscripts in 
hard copy and in electronic form on time. The staff of Springer- Verlag Heidelberg 
gave, as in previous CAST publications, valuable support in editing this volume. 



March 2000 Franz Pichler 

Roberto Moreno-Dfaz 
Peter Kopacek 
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1 Introduction 

The origin of Systems Theory lays in the kind of complex problems experienced by 
engineers (specifically in the field of communications and control) and scientists (in 
biology and ecology) in the mid of the 20“’ century. Then it became obvious, that the 
usual mathematical modeling concepts based on analysis (differential equations) and 
linear algebra (linear equations and matrices) were not any more appropriate. New 
mathematical methods in dealing with actual problems in formal modeling tasks 
were required. 

In Communications Engineering Karl Kupfmiiller, well known as engineer and as 
Professor, suggested to model transmission lines and related components not on the 
level of electrical networks (and related differential equation systems) but on the 
higher level of functional frequency descriptions (by the transfer function) and look 
for (“top down”) means of computational determination of the physical realization 
on the level below. 

Such an approach in modeling he called “systemstheoretical”. His book “Die 
Systemtheorie der Elektrischen Nachrichteniibertragung” of 1949 can be considered 
as the “birth” of Systems Theory for Information Technology. From that it should be 
clear, that Systems Theory should not be considered as a “theory of systems” but 
rather as a collection of useful concepts, methods and tools for the support of “top 
down” multi-level modeling in engineering and science. By this definition it is 
obvious that formal concepts and methods will in a Systems Theory have an 
important role. It is likewise quite clear that in order to deal with complex design 
and simulation problems in engineering and science a computer assistance for the 
effective application of systemstheoretical methods is a necessity. The field of 
Computer Aided Systems Theory (CAST), the field which should provide the proper 
software tools for the application of Systems Theory, deserves therefor the vital 
interest of engineers and scientists working on complex design and simulation 
projects. 



2 CAST/CAD/CAM Tools: The Beginnings 

In the past most attention has been given to the development of computer assistance 
tools for practical engineering tasks. This resulted in CAD tools for structuring of 

F. Pichler, R. Moreno-Dlaz, and P. Kopacek (Eds.): EUROCAST’99, LNCS 1798, pp. 3-7, 2000. 
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engineering tasks and in CAM tools for physical layouting the design to prepare for 
implementation. The functional design of engineering systems, which needs the 
application of formal methods, however, has not received the proper attention which 
is deserves. 

In the development of CAD/CAM tools the domain of microelectronics and there 
the design of VLSI circuits has reached a high standard both in applied methodology 
and in efficient implementation. This resulted in university education that VLSI 
design became teachable and in industry that also non-specialized firms were finally 
able to design customized circuits. Formal methods, which support functional design 
steps on a higher level of description, however, do not dominate in such tools. 

This fact gave us in the mid of the 80’s the idea to implement some of the formal 
methods which are available in systems theory for such tasks and to integrate them 
into existing VLSI-design tools. We considered this activity as part of “Computer 
Aided Systems Theory” (CAST). The first “CAST-tool” to be integrated to VLSI 
CAD/CAM tools (to became a “CAST/CAD/CAM/tool) was CAST.FSM, a Lisp- 
software supporting the application of finite state machine theory in VLSI design. 



3 CAST Conferences: The History 

For traditional areas of engineering, especially in control engineering and in 
communication engineering tools which support formal (mathematical) modeling 
exist already for a long time (see for example Jamshidi-Herget (eds.) 1985). For 
(classical) mathematical systems theory, as defined by Kupfmiiller, Zadeh, Kalman, 
Mesarovic, Wunsch and others, which centers on the concept of a “dynamical 
systems with input and output” (in different degree of abstraction and specialization) 
“CAST tools” in comparable quality did not exist. 

An exception constitute the reported activities of George Klir and his systems 
group at SUNY-Binghamton to develop and implement the “General Systems 
Problem Solver” (GSPS) for the support of problems in general systems (as defined 
by G. Klir). 

In 1984 we started at the University Linz, Institute of Systems Science, the 
“CAST project” with the goal to develop software tools which support systems 
theoretical methods in formal modeling of systems in the domain of information 
technology. Furthermore to integrate such tools (CAST-tools) into existing 
CAD/CAM tools and to show its practical applicability. This project got full support 
by Siemens AG ZT Munich (research laboratories) specifically there by its leader 
Prof. Heinz Schwartzel and his group. As a result different versions of prototype- 
CAST tools, such as CAST.FSM (a finite state machine problem solver), 
CAST. FOURIER (an abstract harmonic analysis problem solver) and CAST. LISAS 
(for modeling and simulation of cellular systems) were developed (see Pichler- 
Schwartzel (eds.) 1992). In addition international conferences on the topic of 
“CAST” were started and organized (CAST workshop’88 (Linz), EUROCAST’89 
(Las Palmas), EUROCAST’91 (Krems), EUROCAST’93 (Las Palmas), CAST’94 
(Ottawa), EUROCAST’95 (Innsbruck), EUROCAST’97 (Las Palmas)). These 
CAST-conferences received international interest and participation, most of the 
papers delivered by the speakers have been published (Lecture Notes in Computer 
Science, Springer- Verlag Berlin-Heidelberg). 
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The topics covered at the CAST conferences have purposively a wide spectrum. 
Besides of papers which are in the core of CAST research the organizers accepted 
also papers which are potentially close to CAST or which give promise of new areas 
for the development or of possible applications of CAST-tools. Of specific interest 
was here the connection of Systems Theory and CAST to the field of Artificial 
Intelligence and related areas. In this direction the engagement of Roberto Moreno- 
Diaz and the research groups at the University of Las Palmas (Gran Canaria, Spain) 
and at different other Spanish universities deserves to be mentioned here. All in all 
we would like to consider the past activities in the “CAST projecf’ as satisfying 
since many researchers and practitioners in engineering became aware of the 
importance of formal models and associated algorithms to structure and optimize 
design. They follow the rule that design has to be done “top down” using models of 
different levels of abstraction and specialization and acknowledge the availability of 
formal models to help in verification the fulfillment of requirements. Furthermore 
they have trust in deductive methods for systems analysis to approve the desired 
quality of the designed system. This facts are satisfying to all researchers working in 
theoretical fields such as applied mathematics or mathematical systems theory. This 
satisfaction is independent to what degree CAST tools (in the strict sense of 
definition) might have migrated into existing CAD/CAM tools until today. 



4 Directions for Future Research 

After ten years of activities in CAST matters there is the question in what direction 
future research should go. I will try to point out three possible directions: 

(1) Systems Theory and CAST tools for Macro Architecting, 

(2) Systems Theory and CAST tools for complex hierarchically distributed 
intelligent systems, 

(3) Investigations of dynamical systems in “Bourbaki style” and development of 
associated CAST tools. 

To (1): The engineering systems of today a very often complex systems build up 
by reusable components which consists of conventional engineering systems. To 
assure the quality of the design of the overall system it is advisable to have formal 
models for higher architectural levels available. In consequence this requires 
associated methods for structuring and optimization of such formal models. 
Furthermore appropriate CAST tools for the application of such methods to support 
“Macro-Architecting” (see Pichler 1998) are necessary. Examples of such complex 
engineering systems are manifold. The internet and the quality assurance of it with 
regard to the security of private data or the existing cellular nets for mobile- 
telephony provide fashionable examples. 

To (2): A hierarchical structure of a complex system gives, as we know, an 
analyst often the chance to apply formal methods in a recursive manner going from 
one level of the hierarchy to the other. This means that the complexity is reducible 
and effective deductive methods can be applied. The situation is more complex in 
the case that the components of a hierarchy are multifaceted and therefor 
inhomogen. This is the case of intelligent components which have a certain 
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autonomy. Arthur Koestler (1967, 1968, 1978) introduced for such hierarchies the 
concept of “holons” (describing the components) and also the proper relations 
between components. He called such a hierarchy a “holarchy”. Furthermore he 
defined by a canon of rules for important properties which a holarchy (Koestler calls 
it a “SOHO” structure - SOHO stands for Self Organizing Hierarchical Order) is 
required to have. 

We believe that in the future specific systemstheoretical methods for holarchies 
are needed. With associated CAST tools the engineering quality of the design of 
“complex distributed intelligent systems” can be improved. We do, however, not 
believe that evolution mechanisms - comparable to such which are intuitively 
proposed for a free capitalistic market - will finally sort out bad species in proper 
time. We rather would like to emphasize the need of rational proofs for the assured 
quality of such design tasks. 

Many activities for a methodological framework and associated tools for such 
systems are under way (we refer here to the topic of “Multi-Agent Systems”, see J. 
Ferber 1999). 

To (3): In the introduction to this paper we pointed out that Systems Theory is 
essentially a collection of concepts and methods for dealing with multilevel 
modeling and we emphasized the need for a top down approach. Following the 
classification as given by Mesarovic we can distinguish between two main kinds of 
multi-level models: multi-strata models and multi-layer models. Multi-strata models 
are , as we know, characterized by the fact that the different levels represent the real 
system which is in discussion by different levels of abstraction. In contrast, in a 
multi-layer model the different layers model components of the real system and 
reflect their order in the hierarchy with respect to tasks such as partition of the work 
load or decision making. 

By investigating dynamical systems in “Bourbaki style”, as we propose, we 
understand the aquiring of knowledge to represent dynamical systems in different 
levels of abstraction and to relate such representations “top down” by proper 
morphisms (dynamorphisms in the sense of Michael Arbib). 

Although the theory of dynamical systems is in mathematics highly developed 
and ranges from such abstract fields as topological dynamics to rather specialized 
topics such as dynamical systems generated by linear constant differential equations 
or finite state machines, the study of dynamorphisms to relate the different possible 
representations seems to be not developed in what we would like to call “Bourbaki 
style”. There are, however, some important partial results available (e.g. the 
algebraic theory of linear systems as developed by Rudolf Kalman). However much 
research work is left to be done. 

To stress the importance of this direction of research in Systems Theory and 
CAST, we would like to give an example for possible applications. 

Microsystems, as it is well known, are highly integrated circuits which are based 
on different technologies such as microelectronics, micromechanics, microacoustics, 
microhydraulics, micro-vacuum tubes, micro optics and possible others. By these 
different technologies it is possible to implement different kind of “machines” and to 
integrate them by coupling to a complex system on a single silicon chip. For 
modeling a microsystem we need, depending on the different realization 
technologies for its components and their couplings, a variety of different modeling 
concepts and tools. The complexity of the modeling process is certainly a new 
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challenge in systems design. The paradigms which are existing in modeling and tool 
making, as for example, used in microelectronics, mechanical engineering or control 
engineering, have to be revised and adapted to new needs (DeMan, 1990). In 
addition to the development of CAD tools for the engineering support of the 
designer formal mathematical methods and related tools have to be investigated and 
elaborated. The related research constitutes for the near future an important task in 
applied mathematics and mathematical systems theory. 

The development of a theory of dynamical systems (in “Bourbaki style”) and 
associated CAST-tools can be considered as an important part of research in this 
direction. It would provide mathematical means to “lift” models which are 
represented by dynamical systems from a lower (refined) level to a higher (coarse) 
level by appropriate morphisms. Furthermore such a theory and associated CAST 
tools would also allow to investigate the possibilities of decompositions of 
dynamical systems to achieve a refinement transformation from a higher level to a 
lower level of dynamical systems representation. Both kind of transformations are 
needed for giving theoretical support to microsystems design. More arguments on 
this topic may be found in a recent paper of the author (Pichler (1998)). 
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1 The Classics 

The systematic use of what we now call Systems Theory in the description of 
biological systems, and more precisely, the nervous system, took off in the Forties 
although many of the basic ideas had been being managed in philosophic and 
scientific circles almost since the Ancient Greeks. From 1943 to 1945, a kind of 
synergetic process was started up, triggered as the result of three basic works. First, 
Norbert Wiener, Arthur Rosemblueth and Julian Bigelow’s study (1943) on the 
nature of teleological processes where the crucial idea was that what was relevant in 
a homeostatic process was the information return and not the energy return via the 
feedback links. It is representative of the analytical approach. 

Following this, came the work of the young British philosopher, Kenneth Craick, 
published in the form of a small book called On the Nature of Explanation in 1943, 
a pursuit of a Theory of Knowledge which would be contrastable like any other 
Natural science. Craick offered a clear and powerful frame work within which to 
express the acquisition, processing, storage, communication and use of knowledge, 
through a type of behavioural approach. 

Third, the work of Warren McCulloch and Walter Pitts, A Logical Calculus of the 
Ideas Immanent in Nervous Activity, which was published in 1943. They elaborated 
the concept of a “formal neuron” and came to the final conclusion that a network of 
formal neurons, with an effective infinite memory tape, can compute any number, 
which is computable by a Turing Machine. It corresponds to the logical approach. 

From these studies, the systems theoretical approach evolved with powerful input 
from the Theory of Communication of Shannon and key figures in the field of 
Computer Science such as Von Neuman, in the case of the latter, with application to 
questions of computability, performability, capacity for reproduction and reliability 
of functioning. 



2 The Logical Approach 

The original paper of McCulloch and Pitts in 1 943 is the first illustration of how 
logical tools can be used to describe properties of the nervous system. Strictly, by 
the introduction of a very simple counterpart of a neuron the first explanation of 
automata in terms of neurons was achieved. 

F. Pichler, R. Moreno-Diaz, and P. Kopacek (Eds.): EUROCAST’99, LNCS 1798, pp. 8-13, 2000. 
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The formal theory was completed by the introduction of the interaction of 
afferents (logical counterpart of the so-called presynaptic inhibition) and later by 
structuring the nets in a hierarchy, to account for the neuronal synthesis of arbitrary 
probabilistic automata. 

From the propositional logic realization point of view, a formal neuron is a 
threshold unit, which fires or not at discrete time t-i-1 if the weighted addition of 
input signal values is equal or larger than a threshold at time t. That is, is strictly a 
linear logical circuit component, and two layers of formal neurons are necessary for 
the realization of any arbitrary logical function, or in McCullochs words, to realize 
an arbitrary proposition of the input arguments. 

In the fifties, there was a preoccupation with the questions about reliable 
computation and computation in the presence of noise, which gave as result the 
introduction of the probabilistic formal neuron, in which each input configuration 
has only a certain probability to fire the neuron. Also, fluctuating thresholds were 
considered. The “logical stability” of these networks was the addressed problem to 
find a model for reliable computation with unreliable units. 

In the early 60's a new biological paradigm, the so-called presynaptic inhibition, 
served as biological counterpart to introduce the interaction of afferents in formal 
neurons, so that a single of these revised unit is then able to compute any logical 
function of the input arguments. Formal neurons came then to be logical universal 
units. 

The theory developed, so that a much more transparent relation between automata 
theory and formal neural nets was obtained by the late Sixties. As a by-product of 
the analysis of stability and oscillations in formal neural nets, it was found that a 
fixed structure (anatomy) can compute all the possible patterns of oscillation for N 
formal neurons, and that each pattern can be evoked by an external input, serving as 
an example of dynamic, associative memory. It was obtained that any deterministic 
automaton can be realized by a neural net and vice versa, by relatively simple 
constructive rules. The extension to arbitrary probabilistic automata or Markov 
chains was worked out in the Eighties which was based on the ‘axon axonal 
interaction’ . By then, the theory of formal neurons, as it came from formulations of 
prepositional logic, was practically finished, except for new formulations to 
introduce fuzzy concepts and the problem of "contingency", which appears also in 
artificial vision systems. Considering the ‘automata-neural net duality’, this problem 
appears because small changes in the network structure may provoke large changes 
in the state-transition matrices of the probabilistic or deterministic automaton, that 
is, in the automata behaviour, and vice versa. There is still a challenge in 
appropriately introducing learning in Formal Neurons, and to find equivalent 
analysis and synthesis constructive theorems to go from continuous state variable 
automata to networks and vice versa, all from the point of view of the biological 
counterparts. 

Formal neural nets in their different formulations, are of particular interest to find 
connectivistic or granular representations of behaviour formulated at the automata 
language level, to find potential explanatory diagrams for natural neural nets and to 
provide for preliminary connectivistic mechanisms when modeling natural neural 
nets 

A different trend is that rooted in Rosemblatt’s concept of Perceptron which had 
an enormous upraise in the 80's, the so called artificial neural networks. This went. 
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however, away from neurosystems descriptions to form the parallel field of 
distributed granular computation. 



3 Analytical Approaches 

Analytical models and theories of parts of the nervous system can be developed 
when treating the front (sensory and effector) ends of the nervous system, where the 
level of symbolic complexity is still low. That is the case for the visual processing 
in the vertebrate retina, where more or less classical systems approach gives good 
description. 

Probably the most provocative single paper on the neurophysiology of a 
vertebrate visual pathway, that fired a legion of modelling efforts, has been that on 
the frog by Maturana, Lettvin, McCulloch and Pitts, in its two versions, engineering 
and anatomico-physiological . In fact, the behavioural connotations of the 
interpretations and conclusions of the authors inspired models and disquisitions far 
beyond from the crude "facts", that is, the nature of the neurophysiological signals as 
recorded from single fibers. 

Soon after, an program was started at MIT to develop computer programs which 
processed visual data from a vidicon camera (actually, the images were simulated, 
not real) with the aim to duplicate the described behavior of the retinal cells. The 
modelling was been developed, however, practically with no detailed anatomical or 
physiological support, and only driven by the desired results. A completely 
satisfactory model was not possible until the analytical approach was taken, in 
which all the proposed mechanisms underlying the behavior of the model had 
anatomical and physiological justifications. 

Lettvin, Maturana, and co-workers distinguished four major groups of retinal 
ganglion cells which report to the tectum. These have been designated as follows: 
Group 1 -edge detector. Group 2 -Bug detector, Group 3 -dimming detector, and Group 

4 -event detector ganglion cells. Of these, relatively simple explanations can be given to 
the operations of the Group 1, 3 and 4 ganglion cells. The Group 2 or bug detector 
ganglion cell, however, is more intricate and the most exciting cell to model because it 
is sensitive to small dark convex objects which move towards the centre of the 
responsive retinal field (RRF) of this cell. In essence, it is the most specialized pattern 
recognition cell of the frog’s retina. The models provide in fact for a fair illustration of 
how to proceed in analytical and neurophysiologically based models, by starting with a 
list of properties, or a list of specifications which the model should meet, and a list of 
the anatomical and neurophysiological restrictions in order to minimally converge in an 
optimum model. 

The analytical approach can be extended to higher vertebrate retina, by the 
introduction of the concepts of fast and delayed local signals at different retinal 
levels, lateral non linear spatial interaction, local non linear operations and 
integration at the cell body. The typical tools of systems engineering can in this way 
be successfully applied to models of cat’s avian and amphibian retina, leading to a 
generalized model for vertebrate retinal processing. 

The most recent illustration of the analytical techniques cames from the 
explanation of the microstructure of receptive fields of retinal cells by means of 
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discrete Newton filters and Hermite weighting functions, which provide for a very 
appealing system representation of dendro-dendritic interaction. 



4 The Multilevel Structure of Systems Tools 

Models, theories and formal representations and descriptions of real nerves and 
neurons have been dependant on the type of formal tools available at each time, so 
that even Descartes explained nerve action in terms of fluidodynamics. Only in the 
1930’s have strong enough system tools become available to attempt the system’s 
description of sensory nets. 

Besides formulations on the biophysics of membranes, the description of 
functions on neural nets took off significantly after the 1950’s. One of the first 
models of a neural net soundly proposed is precisely by Pitts and McCulloch, to 
recognize auditory and visual forms independent of position and size. Later in the 
60’ s, models of the action of the reticular formation neural nets of the vertebrates 
were proposed, where the neurons operate as rather complex pools, governed by 
probabilistic action. 

The most successful formal descriptions of real, more or less complicated neural 
nets are those of the retinal neural nets, which range from very complex operation in 
the case of specialized lower vertebrate retina to the more simple system description 
applicable to simple neurons in higher vertebrates. These nets take into account the 
layered structure of the system, with forward propagation of signals being 
processed, and very strong lateral interconnections. 

In the 80’s some rather sophisticated neuron models were proposed, with 
neuronal action already using a conditional, rule-based action. Later, the concept of 
a frame came up from Artificial Intelligence methods. One peculiarity of these nets 
is that the data processed by the units are taken— as corresponding to anatomy— from 
certain “receptive fields”, which, in general, transform into a “data field” within the 
“input space” and “output space” to produce new output-processed data. These 
conceptual models had been of use for models of higher level visual processing, 
association like neural processing, and reliability of neural tissue. 

Naturally, different levels of description of a real neural net require different 
levels of tools (see Table 1). One of the main problems in the formal description of 
real nets is that deeper layers of neurons, i.e. more central nets receive inputs the 
code of which is unknown, and which carry a heavy load of semantics. Also, the 
degree of cooperativity and the subsequent degree of reliability increases. That is, 
when going from receptors to cortex, the semantic complexity increases, as well as it 
decreases when going from cortex to motor and other effector ends. 

Thus, at the level of neurotransmitters, membrane phenomena and action 
potentials, the appropriate tools are those of biochemistry and biophysics. At the 
level of simple sensory neural codes and multiple coding, signal processing tools are 
appropriate. For visual coding in the retina and decoding in effectors (motor, 
glandular), the level tool is that of the classical systems theory. Finally, the level of 
neural input-output interaction and coordination, central neural code, generation of 
universals (invariants) and social-like interaction of neural nets, the level tools of 
Algorithmic, Symbolic and other from Artificial Intelligence became necessary. 
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Table 1. 



LEVEL 


TOOLS OE 


Neurotransmitters, membrane phenomena, action potentials 


Biochemistry- 

Biophysics 


Biophysics of neural codes and mnltiple codes 


Biophysics-Signal 

Processing 


Sensorial codes, decoding in effectors (motor and glandular), 
coding in retinal ganglion cells 


Classical System 
Theory 


Neural nets, input -output interaction and coordination 


Algorithmic 
(Logic, Symbolic) 


Central neural code, cooperative processes, generation of 
nniversals, social-like interaction of pools of neurons 


Symbolic, 

A.I. Techniqnes 



Concepts derived from the engineering of complex robotic systems are of help in 
understanding the control and command mechanisms of the nervous system. For 
high level modeling and description of neural nets it seems nowadays that the most 
sophisticated tools of intelligent, goal-based agents must be used to obtain relevant 
non-trivial neural net formal descriptions. 
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Abstract. The field of robotics is one of the most innovative in the last decade. 
Conventional industrial robots from the late 70 s are now only a tool on the 
production level. One of the oldest dreams of the robotic community - 
intelligent, mobile and humanoid robots - starts to become a reality because of 
the rapid development of “external” sensors. 

External sensors (e.g. visual, auditive, force-torque) offer intelligent robots 
the possibility to see, hear, speak, feel, smell like humans. Compared with 
conventional, unintelligent, industrial robots, intelligent robots can fulfill new, 
innovative tasks in new application areas. 



1 Introduction 

Industrial robots have been widely applied in many fields to increase productivity and 
flexibility and to help workers from physically heavy and dangerous tasks. From 
similar aspects the need on robots in service sectors - like robots in hospitals, in 
households, in amusement parks - is rapidly increasing. Cheap and accurate sensors 
with a high reliability are the basis for „intelligenf ‘ robots. For these intelligent robots 
known, conventional but complex applications are now possible to be accomplished 
as well as new applications are available not only in industry. 

There are three “starting” points for the development of intelligent robots: 

(a) Conventional, stationary industrial robots; 

(b) Mobile, unintelligent platforms (robots); 

(c) Walking machines. 

In all three cases unintelligent robots were equipped with external sensors step-by- 
step. This was possible because of the rapidly decreasing prices of the hard- and 
software for these sensors during the last years. Furthermore it was necessary to 
create new user interfaces. Users of unintelligent, industrial robots were persons with 
some technical knowledge. This is and will be only partially the case for intelligent 
robots for unconventional applications. Therefore modem human machine interfaces 
(e.g. speech programming) must be developed. 
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2 Intelligent Robot Systems 

2.1 Intelligent Stationary Robot Systems 

First ideas to create intelligent robots were to attach external sensors on conventional, 
stationary, classical robots. One examples for some first trials are assembly robots 
equipped with vision systems for part recognition. Such robots with additional force- 
torque sensors are also necessary for disassembly operations. One of the newest 
applications of stationary, intelligent robots is automated car fuelling. The robot is 
responsible for opening the tank and filling in the petrol. 



2.2 Intelligent Mobile Robot Systems 

Mobility is one of the main features of an advanced robot. Mobility can be carried out 
by wheels, chains, vacuum sucks, and others. Movable unintelligent robots are known 
since some years mostly used for transportation tasks in factories on the shop floor 
level. But they were guided by wires in the floor and therefore only partially 
“mobile”; like a car on a street. Mobile robots today are equipped with various 

external sensors (visual, auditive, proximity, ). This development was 

economically possible because of the decreasing prices of hard- and software of such 
sensors. Therefore mobile robots today are able to find an optimal way, in an 
unknown environment, by means of sensors. The main parts of such a mobile robot 
are: body, drives, power supply, moving devices, sensors, on-board computer, 
operating panel / communication module, safety devices (Fig. 2). 
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sensor system 




Fig. 2. Main components of a mobile robot platform. 

A common problem of all these robots is power consumption. The batteries 
available today are very heavy (approximately 40 - 50% of the total weight of the 
robot) and have only a limited capacity ( 5min - Ih operating time; depending on the 
tasks to be carried out). 

For control tasks, such mobile robot systems are usually equipped with an on- 
board computer (fast 586 or similar) and connected by wire or wireless with a 
stationary host computer. Connection by wire reduces dramatically the mobility of the 
robot. The drives are usually AC/DC motors. Safety devices (e.g. bumpers, ....) are 
necessary in cases of sensor failures. 

Intelligent mobile robots are commercially available today from different 
producers in various dimensions, for various purposes to reasonable prices [3]. They 
are in most cases single purpose devices - dedicated for distinct tasks in distinct 
application fields. This is a similar development to industrial robots in the late 70ies 
to “single purpose robots”. Because of the relatively high development costs of such a 
robot only few companies worldwide are willing to take this risk. That is one of the 
main reasons for the relatively low number of intelligent, mobile robots applied in 
industry. In the future it will be necessary to create intelligent, mobile, multi-purpose 
robots. One possibility could be a modular hard- and software system to combine 
these modules for special applications. First steps in this direction are in progress 
now. 



2.3 Walking Machines 

Walking mechanisms are a classical research field in kinematics since some decades. 
A lot of suggestions were made to imitate animal and human legs. First developments 
were multi-legged robots with 4, 6 or more legs. But walking of humans on two legs 
is - from the viewpoint of control theory - a complex, nonlinear stability problem. 
Now we have the necessary computer hard- and software available to solve this 
problem on line. We are on the way to so-called humanoid robots. 
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2.4 Robots in Entertainment 

One of the newest application areas of service robots is the field of entertainment, 
leisure and hobby because people have more and more free time. In addition modem 
information technologies lead to loneliness of the humans (telebanking, teleshopping, 
and others). Therefore service robots will become a real “partner” of humans in the 
nearest future. One dream of the scientists is the “personal” robot. In 5, 10 or 15 years 
everybody should have at least one of such a robot. Because the term personal robot is 
derived from personal computer the prices should be equal. 

Robot Soccer. From the viewpoint of multi-agent systems, a soccer game is an 
appropriate example of the problems in real world, which can be moderately 
abstracted. Multi-agent systems deal with research subjects such as cooperation 
protocol by distributed control, effective communication and fault tolerance, while 
exhibiting efficiency of cooperation, adaptation, robustness and being in real-time - 
playing robot soccer offers a perfect testbed for research in these fields. 

Depending on the category, a robot soccer team consists of one or three robots. For 
the current “major league” - MiroSot - each player’s mechanism and control must be 
packed into a cube no larger than 7.5 centimeters on a side (Fig. 3). The 130 x 90 
centimeters playing field is bounded on all sides to prevent the ball - an orange 
painted golf ball - from going out of play. 




Fig. 3. IHRT Robot Soccer Team “AUSTRO” - European Champion 1999 

The teams gather information about the location of the players and of the ball from 
small video cameras suspended above the playing field. That information goes first to 
a central control unit (“Host”) and then - as a set of command data - by radio to the 
robots themselves. For such a “Vision-Based Robot Soccer System” described above, 
the Host is responsible for the calculation of the robots behavior. Nevertheless, 
development is going in direction of a “Robot-Based Robot Soccer System”, where 
each robot hosts all the functions for fully autonomous behavior. All calculations are 
done locally in each of the robots - the host computer (if any!) processes vision data 
and forwards position information to the robots. This can be considered as a 
distributed control system, where each robot has its own intelligence. 
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3 Mobile Robot Systems at IHRT 

3.1 MaxiFander (Denning Branch International Robotics) 

This robot platform has been designed especially for research and education. The 
option of mounting heavy equipment (up to 25 kg) on the robot such as robot arms or 
even a PC chassis as well as possible handling at outdoor conditions, like rough, 
uneven surfaces, gravel, etc., together with the very simple structure of the robot 
makes it to an excellent tool for education in robotics. Together with the wide array of 
sensors provided by the robot (rotating sonar transducer, infrared proximity detectors, 
touch sensors, microphones, optical line followers), MaxiFander allows a 
comprehensive view of mobile robot control techniques. The robot comes with 
onboard 386DX microprocessor (486DX upgrade is also available) and source code is 
written in programming language C++ - download of the application programs is 
possible by means of floppy disk or serial interface. For input/output, the robot is 
equipped with a handheld numeric keypad with 16x2 alphanumeric LCD display. 



3.2 Nomad 200 (Nomadic Technologies, Inc.) 

Nomad 200 is an integrated mobile robot system with different sensing options. 
Besides tactile (sensor ring with 20 independent pressure sensitive sensors), 16 
channel infrared, 16 channel ultrasonic, and 2D laser sensor systems the platform is 
being controlled by means of an on-board multiprocessor system, which performs 
sensor and motor control, host computer communication, and supports on-board 
programming. The drive system of the platform utilizes a three servo, three wheel 
synchronous drive mechanical system which provides a non-holonomic (with zero 
gyro-radius) motion of the base and an independent rotation of the upper structure. 

Primarily, both robots are used for the laboratory courses in robotics. In addition, the 
platforms are the basis of some research and development work, among them: 

Development of a Task Oriented Langnage for Mobile Robots. The general idea is 
to provide with a programming language interpreter which should be able to deal with 
unexpected events that are normal to occur in the execution of a robot task, such as 
meeting an obstacle. Also the interpreter must be able to provide priority based 
scheduling of surveillance monitors when several events take place simultaneously. 

Intelligent path planning and collision avoiding algorithms nsing Nenro-Fnzzy 
approach. Two different strategies, the optimization of Fuzzy systems by means of 
Neural Networks as well as training of Neural Networks with Fuzzy mechanism, are 
being implemented to MaxiFander platform. 

Integrated Robot Navigation in CAD-Environment. This navigation system is 
being designed for both application of mobile systems in unknown environment as 
well as for pre-defmed surroundings. A special Graphical User Interface (GUI) - 
following the specifications of the chosen CAD package AutoCAD - should provide a 
convenient access to the real as well as to the simulated robot, and to the 
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representation of the environment. Through this GUI, the user can send commands to 
the robot, monitor command execution by seeing the robot actually moving on the 
screen, visualize instantaneous and cumulated sensor data. The user should also be 
able to create and modify a simulated environment by means of standard CAD 
functions, and use it to test robot programs. Programming of the robot platforms is 
accomplished by means of a common Meta-Language - an Interpreter kernel 
executed by the on-board control system on each platform transforms the commands 
to the particular robot programming language. 



4 Conclusions 

Future application oriented research in robotics is dominated by two main directions. 
Robots for classical applications have to be equipped with additional features like 
combined force and position control, external sensors based on microsystems, flexible 
and lightweight robots. Because of the decreasing number of installed robots new 
application fields will be recognized. One of these fields are the service robots. 
Service robots look quite different than conventional ones and therefore research have 
going on in additional directions such as external sensors, new grippers and gripping 
devices, new kinematic structures. Efforts have to be undertaken to further 
development of key components of these robots towards efficiency, performance, 
miniaturization and cost. Here the collaboration of research institutions, service 
industry and robot and component manufacturers has the potential to create valuable 
synergies. 

Last developments tends towards humanoid robots and “Multi-Agent-Systems - 
MAS”. Agents are similar to “holons” offering the possibility to apply MAS in 
product automation. 
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Abstract. The Real-Time Control System (RCS) Reference Model Ar- 
chitecture provides a well-dehned strategy for development of software 
components for applications in robotics, automated manufacturing, and 
autonomous vehicles. ADLs are formally defined languages for specifi- 
cation of software system’s designs. In this report, we describe the re- 
sults of an investigation into the use of an ADL to specify RCS software 
systems, and assess the potential value of ADLs as specification and 
development tools for RCS domain experts. The report also discusses 
potential influence of ADLs for commercial software development tools 
and component-based development. 



1 Introduction 

Architectural Description Languages (ADLs) are specification languages for ri- 
gorously describing and analyzing software system designs. This report provides 
the results of an investigation into the use of ADLs for formally defining the 
National Institute of Standards and Technology (NIST) RCS Reference Model 
Architecture [5]. 

The RCS Reference Model Architecture provides well-defined guidelines for 
construction of control software for autonomous real-time systems. We are study- 
ing means of formally representing architectures such as RCS in order to facilitate 
development, understanding, and analysis of complex systems. Communicating 
RCS in an unambiguous manner was our initial motivation. Beyond that, several 
potential benefits may accrue. ADLs may provide means of guiding construction 
of complex systems according to a given reference architecture. This can enhance 
productivity, reliability, and help ensure conformance to a specified architecture. 
Analysis tools associated with ADLs may enable developers to study the behavi- 
ors and performance of their system design. Although our study focussed on the 
RCS architecture, we believe that our results are applicable to other architectural 
models for complex systems. 

All significant ADLs were reviewed in a literature search that identified key 
language features relevant to RCS. Individual ADLs were examined in detail to 
assess their suitability as specification languages for capturing the structure and 
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function of the RCS Control Node. A detailed, comparative analysis of ADL 
features was not the scope of this study; readers interested in such an analysis 
should consult [16]. A single ADL — Rapide [15] — was selected to construct a 
prototype specification of a significant portion of the RCS Intelligent Control 
Node. The conclusions from out experiment provide a basis for both identifying 
requirements for ADLs to specify RCS software architectures and components as 
well as recommending future research directions for ADLs. We believe that our 
findings can be relevant to the application of ADLs to other complex, real-time 
architectures. 



2 The RCS Reference Architecture 

2.1 Overview of RCS Concepts 

Developed over the course of two decades at the National Institute of Standards 
and Technology and elsewhere, RCS has been applied to multiple and diverse 
systems [4]. RCS application examples include coal mining automation [11], the 
NBS/NASA Standard Reference Model Architecture for the Space Station Te- 
lerobotic Servicer (NASREM) [1], and a control system for a U.S. Postal Service 
Automated Stamp Distribution Center [26]. Manufacturing applications include 
the Open Architecture Enhanced Machine Controller [3] and an Inspection Work- 
station [18]. 

RCS provides a reference architecture and an engineering methodology to aid 
designers of complex control systems. Guidelines are provided for decomposition 
of the problem into a set of control nodes, which are arranged hierarchically. The 
decomposition into levels of the hierarchy is guided by control theory, taking into 
account system response times and other factors, such as planning horizons. RCS 
is focussed primarily on the real-time control domain. It can be further speciali- 
zed into application-specific versions. 4-D/RCS [5] is one such version, which is 
aimed at the design and implementation of control systems for intelligent auto- 
nomous vehicles for military scout missions. 4-D/RCS has been selected as the 
software architecture for Department of Defense Demo III experimental Unman- 
ned Vehicle (XUV) Program, managed by the Army Research Laboratories [23]. 
This particular flavor of RCS was studied with respect to ADLs. Figure 1 is a 
high-level diagram depicting a portion of an RCS hierarchy for an autonomous 
vehicle. Each node in the hierarchy is built upon the SP-WM-BG-VJ internal 
elements shown in Figure 2. RCS prescribes a building-block approach to de- 
signing and implementing systems. The building blocks are control nodes that 
contain the same basic elements. The elements, shown in Figure 2, are behavior 
generation (BG), world modeling (WM), value judgement (VJ), and sensory pro- 
cessing (SP). Associated with WM is a Knowledge Base (KB), which contains 
longer-term information. Each node receives goals from its superior and, through 
the orchestration of BG, WM, JV, and SP, generates a finer resolution set of 
goals for its subordinate nodes. The RCS control node uses an estimated model 
of the world, generated via SP and WM, to assess its progress with respect to the 
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Fig. 1. Example RCS Hierarchy for an Autonomous Scout Vehicle 



goals it was given and to make necessary adjustments to its behavior. BG’s sub- 
modules are the job assignor (JA), a set of plan schedulers (SC), a plan selector 
(PS), and a set of executors (EX). One SC and EX exist for each subordinate 
controlled by a particular RCS node. JA decomposes incoming commands into 
job assignments for each of its subordinates. Each SC computes a schedule for its 
given assignment. JA and SC produce tentative plans based on available resour- 
ces. PS selects from the candidate plans by using WM to simulate the execution 
of the plans and VJ to evaluate the outcomes of the tentative plans. The corre- 
sponding EX executes the selected plan, coordinate actions among subordinates 
and correcting for errors between the plan and the state of the world estimated 
by the WM. 




Fig. 2. Model for an RCS Control Node. 

3 Architectural Description Languages 

3.1 Overview of Architectural Description Languages (ADLs) 

Garlan and Perry define a software architecture as consisting of the “structure 
of the components of a program/system, their interrelationships, and principles 
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and guidelines governing their design and evolution over time” [9]. An ADL is 
“a language that provides features for modeling a software system’s conceptual 
architecture” [16]. 

ADLs provide language constructs for specifying the essential elements of a 
system’s software architecture. A generic set of ADL capabilities has been iden- 
tified in [10] [16] [28]. ADLs commonly describe software components by defining 
their interfaces and behavior in response to externally or internally generated 
stimuli. An interface definition may include a signature, i.e., messages and com- 
mands received and sent, as well as constraints on the signature. 

Some ADLs support specification of computations performed by a system, 
referred to as system behavior. Usually, an ADL employs a formally defined 
descriptive method or underlying computational model to provide the neces- 
sary semantics. Constraints on behavior are also defined in terms of the com- 
putational model. Examples of computational models are Finite State Machines 
(FSM), Communicating Sequential Processes (CSP) and Partially-Ordered Sets 
of Events (POSETS) . An ADL may allow description of the behavior of compo- 
nent interfaces, component internals, and component connections. 

Shaw [22] and Allen [6] provide rules or constraints that place limitations on 
how components may be connected and what system topologies may be descri- 
bed. One example of an architectural style is a top-down hierarchical architecture. 
Some ADLs allow explicit declaration of architectural styles. 

The use of a well defined, rigorous specification language provides a basis for 
formal analysis of a specification and the verification of software system designs. 
Some ADLs employ formal proof techniques to determine whether desirable pro- 
perties, such as internal consistency, hold within a specification. Analysis of ADL 
specifications may also take place through simulation support tools, which allow 
the specification to be executed and a result to be computed, thus simulating 
the computations to be performed by the system being specified. 

Gaps in the support provided by object-oriented tools and methodologies [13] 
further stimulated interest in the potential of ADLs. Object-oriented methods 
in general are data-centric, providing only for some generic behavior description 
capabilities. Analysis of the architecture and simulation of the execution of an 
architecture are not possible in most object-oriented tools. In response to these 
gaps, the Object Management Group recently issued a Request for Proposals 
under the title “UML Profile for Scheduling, Performance and Time” [21]. This 
proposal is aimed at expanding the UML to include support for modeling of 
time-related paradigms, which are essential for the design and specification of 
real-time systems. 



3.2 The Rapide ADL 

Rapide [15] is an ADL and supporting tool set developed at Stanford University 
in the mid-1990s. This ADL was chosen as the primary focus of this study 
because of its well-developed capability for representing and simulating real-time 
system designs. 
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Rapide supports most of the features described above that are common to 
ADLs. Rapide permits definition of a set of component interface types, each of 
which has a signature that includes events generated and received by components 
of that type and a description of the component’s behavior. An interface may also 
define constraints that require dependencies between events, place limitations on 
the order of events, constrain parameter values, or make other limitations. The 
internal details of the components themselves — known as modules — may also be 
specified. A module description specifies internal behavior and supporting data 
structures that allow the module to conform to its interface. 

The software architecture is formally described by connecting types of events 
generated in one interface specification to events received by another interface. 
A module conforming to an interface may be decomposed into a sub-architecture 
consisting of a set of connected component interfaces. 

Connections between types of events of different interfaces and the specifica- 
tion of a component’s behavior define causal dependencies of the events. During 
the simulated execution of a software architecture, these dependencies can be 
aggregated to form POSETs, or partially ordered set of events. 

An event is said to be causally dependent on all events that either directly 
result in its generation or in the generation of its predecessors. It is independent 
of all other events. In actual Rapide specifications of architectures, very large 
causal sequences of event types and event constraints can be defined both in 
interface definitions and as part of connections between interfaces. The causal 
sequences serve as a basis for “executing” a specification using Rapide software 
support tools to produce simulations. 

In Rapide the POSET is the basis for automated analysis conducted by 
an associated toolset. A Rapide specification may be defined using the RAP- 
ARCH tool, which has a graphical front-end, to specify interfaces and interface 
connections in a software architecture. When compiled and executed, the Rapide 
specification produces a POSET for the defined architecture. Rapide provides 
a simulation tool called RAPTOR for producing an interactive graphical ani- 
mation of the execution of the specification in which interfaces and connections 
are depicted as icons while event icons move between interfaces. The POSET 
Viewer gives a static picture of a POSET with events and causal arrows between 
events. Query functions can be used to select interesting subsets of the POSET 
and provide detailed information. A method is provided for verifying system de- 
signs against a more general Reference Model architecture based on comparison 
of POSETs. 



4 The Experiment 

In order to help answer the questions about the applicability of ADLs to RCS, 
the Rapide ADL was used to specify a large piece of the RCS Intelligent Control 
Node. The specification was developed by two of the coauthors: one focusing on 
the study of ADLs; and the other, a domain expert in design of RCS systems 
who regularly reviewed the model and guided its evolution. The specification was 
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reviewed and verified by a larger group of experts in RCS. In addition, the use of 
an ADL to ascertain conformance of individual system designs to the Reference 
Model Architecture was examined. A detailed description of the experiment, 
including the Rapide source can be found in [7]. 

Overview of the Prototype Specification Component interfaces were defi- 
ned for each 4-D/RCS Intelligent Control Node together with the events handled, 
sent, and received and applicable constraints for the module. The specification 
provided the decomposition of the Control Node into its major subcomponents. 
Behavior Generation was further decomposed into Job Assignor (JA), a set of 
Schedulers (SC), a set of Executors (EX), and a Plan Selector (PS). World Mo- 
deling (WM) was decomposed into Simulation and Knowledge Base components. 
The architecture specification included the connections between the interfaces 
defined for the modules. A sufficient amount of behavior was included to allow 
the architecture to be simulated using the Rapide toolset. The entire specifica- 
tion encompassed more that 1000 lines of Rapide code. 

Details of Job_Assigner and Scheduler Functions The use of ADLs to 
specify RCS is illustrated in a sample Rapide description of the interaction of 
two subcomponents of the RCS Behavior Generation Module: The Job_Assigner 
and a Scheduler (of which there may be several instances). The conceptual design 
for this representative fragment of the Reference Model functionality is shown 
graphically in Figure 3. The fragment contains only a subset of the actual events 
and behavior defined for these components. The specifications of algorithms for 
computing schedules and selecting plans in underlying modules are omitted from 
the Reference Model Architecture because they are application-specific. 




Fig. 3. Job_Assigner and Schedulers in the Behavior Generation Module 

Figure 3 shows a Job^Assigner component defined as a Rapide interface. 
The Job-Assigner interface signature receives a Do_Task event representing an 
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input task in which ?Task is the argument variable for a task name. The Job- 
Assignor generates a Fetch_task-frame event with the job name as an argument 
that is passed to the World-Modeling module. World-Modeling returns a task 
frame data structure containing information necessary to perform the task re- 
ceived by Joh-Assigner as a RCV -Task-Frame event. The underlying module for 
Job- Assignor decomposes the task frame into job assignments (not shown) for 
the schedulers. Figure 3 depicts the generation of a Schedule-Job event, repre- 
senting a job assignment to the Scheduler interface. The Scheduler receives the 
Schedule-Job event. Its underlying module computes a schedule, which is trans- 
mitted as an event through the interface outside of Behavior-Generation to the 
World-Modeling plan simulator. This is depicted as a plan in Figure 2. Ultima- 
tely, the simulated plans are evaluated by Value Judgement and returned to the 
Plan Selector in the Behavior Generation module (not shown in the example). 
The Scheduler interface is also shown as returning a Status event with a ?Sta- 
tus variable. Values for specific status events would be generated in underlying 
modules that conform to the interface. 



Specification of the Interfaces, Behavior, and Constraints A partial Ra- 
pide specification of the Job-Assigner interface is given below. The Job-Assigner 
is declared to be of type Interface. The signatures for the events received by, and 
sent from this interface are provided including variable arguments and their 
types. 

TYPE JobjVssigner Jnterface IS INTERFACE; 

ACTION 

IN 

Do_Task (Task : Task_Command_Frame) , 

RCV_task_frame (Task : Task_Command_Frame; TF : Task_Frame), 
SC_Status (CR : Controlled Jlesources; ST : String); 

OUT 

Schedule-Job (Job : Task_Command_Frame), 

Fetch-task-frame (Task : Task-Command_Frame), 

Decompose -task-frame (TF : Task_Frame), 

JA-Status (?status); 

BEHAVIOR 

(?Task : Task-Command_Frame) 

Do-Task (?Task) ||> Fetch-task-frame (?Task); 

(?Task : Task-Command_Frame; ?TF : Task-Frame) 

RCV -task -frame (?Task, ?TF) ||> Decompose-task_frame(?TF);; 

END; 

A portion of the behavior depicted in Figure 3 is also specified. The receipt 
of a Do_Task command to perform a task triggers a request for a task frame con- 
taining essential information needed to perform the task. A causal connection is 
defined between these two events. The receipt of a RCV-task_frame command 
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results in a Decompose_task_frame in which (?TF) denotes the variable placehol- 
der for the task frame which is transferred. The Schedule_Job and Status events 
are generated through the interface by underlying conforming modules which 
also instantiate the necessary arguments. These are omitted from this portion 
of the specification example. 

The specification of the Job_Assigner is supplemented by the declaration of 
constraints shown below. 

CONSTRAINT 

- (Cl) Do not allow causally independent Do.Task and Schedule.Job events 
NEVER (?Task : String; ?Job : String) 

Do_Task (?Task) || Schedule-Job (?Job); 

- (C2) Do not allow causally independent Do-Task and Status Message events 
NEVER (?Task : String; ?status : String) 

Do_Task (?Task) || JA.Status (?status); 



Constraint Cl prohibits the independence of Do_Task and Schedule_Job 
events, while constraint C2 prohibits independence of Do_Task and Status. 
Events. These constraints require that that these events must always he rela- 
ted in a causal sequence. 

Specification of the Architecture The specification of the portion of the 
Behavior Generation architecture from Figure 3 is given below. This specifica- 
tion shows the connection of the events between the Job .Assignee, an array of 
Schedulers and the Plan Selector. 

ARCHITECTURE BGAlodule^Vrch () . . . 

IS 

JA : Job.Assigner.Interface IS Job.Assigner.Module(); 

SC : array [integer] of Scheduler.Interface IS 
(l..$Num.ControlledJlesources,. . . ) 

PS : Plan_Selector Jnterface IS Plan_Selector_Module();. . . 

CONNECT 

(?Job : Task.CommandT"rame) 

JA.Schedule.Job(?Job) ||> SC i.RCV_Schedule_Job(?Job); 

(?CR : Controlled-Resources; ?ST : String) 

SC[ i].SC_Status (?CR, ?ST) ||> JA.SC_Status (?CR, ?ST); 

(?CR : Controlled-Resources; ?Job : Task.CommandT"rame; 

?Sched : Schedule; ?ST :string) 

PS.SND-PS-Status (?CR, ?Job, ?Sched, ?ST) ||> 

SC[i].RCV-PS-Status (?Job, ?Sched, ?ST); 



Note that each of these components is declared as an instance of one of the ty- 
pes defined above. This is followed by explicit connections between OUT events 




RCS Reference Model 



31 



in the interface of one component and IN events in another interface via the 
CONNECT keyword. The Rapide symbol “||>” is used to indicate a causal 
connection between these events. 



Execution of the RCS Intelligent Control Node Architecture The decla- 
ration of causal connections between events in Rapide interfaces and in the decla- 
ration of the architectures defines a causal sequence of events. The execution of 
this architecture produces a POSET, which can be used to analyze sequences 
of events and causality. A portion of the POSET generated by the execution 
of the RCS control node is shown in Figure 4, which omits intervening events 
not described in the partial specifications given above. The figure shows the 
causal connection between the Do.Task event and a Fetch_Task_Frame event 
that retrieves information necessary to initiate scheduling activity. When the 
Job_Assigner receives the Task_Frame, this triggers the Decompose_Task_Frame 
event followed by the ScheduleJob event that is forwarded to a set of Schedulers. 
POSETs such as the one shown were useful for analyzing sequences of events 
and communicating behavior of the architecture. 




(SC#1) (SC #2) (SC #3) 

Fig. 4. Event trace of Rapide Reference Model Specification 

Verification of Individual System Designs Against the Reference Mo- 
del Architecture Rapide provides a capability for verifying that the behavior 
of a system design, or concrete architecture, conforms to that of a more abstract 
architecture, such as the RCS Reference Model Architecture. This is accom- 
plished by first declaring a set of constraints in the abstract architecture and 
then declaring an equivalence, or mapping, of events from the concrete to the 
abstract architecture. The abstract architecture is then executed with the “map- 
ped” events of the concrete architecture replacing events originally defined in 
the abstract architecture to create a POSET event trace similar to Figure 4. 
Conformance to constraints of the abstract architecture is tested. If constraints 
are violated, error messages appear in the POSET as events, indicating that 
the concrete architecture is non-conformant. The conformance verification fea- 
ture was exercised and found to be useful. One of the challenges facing RCS 
developers is ensuring that their systems comply with the RCS reference model 
architecture. 
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5 Conclusions and Recommendations 

5.1 Specifying and Analyzing RCS 

Based on informal review by RCS experts, the Intelligent Control Node speci- 
fication was successful in capturing and representing major RCS architectural 
concepts. To date, it is the most rigorous representation of the reference model 
architecture. However, the specification had to be simplified and modified to 
allow the application of specific RCS keywords, and supplemented by the use of 
graphical support. The simulated execution of the Control Node Architecture 
reinforced the specification and proved to be a valuable aid in communicating 
the architecture by enabling reviewers to visualize the topology and high-level 
execution of the Intelligent Control Node. 

The structure and behavior of the RCS Reference Model Architecture were 
captured by Rapide. Aided by the simplification of the specification and the 
use of graphics, the Control Node module Interfaces and signatures were clearly 
defined. Module connections, even though not definable in Rapide as explicit 
types-or first-class objects- were also easily communicated. The successful re- 
presentation of the RCS Control Node hierarchy indicates that representation 
of other parts of the multi-level architecture described in Section 2 should be 
possible. 

The ability to create a precise, communicable specification of the RCS Refe- 
rence Model Architecture led to potential improvements to the architecture itself. 
Two possible changes to the Architecture as described in [5] were identified, one 
of which will be described. In the model described in Section 4, Job_Assigner 
applies a Fetch_Task_Frame operation to retrieve the task knowledge necessary 
for task decomposition. Although this operation is not explicitly stated in the 
RCS Reference Model, we found it consistent with the usage of task frames and 
found it effective in our experiment. Therefore, this operation may be proposed 
as one of the accepted Job_Assigner functions in its specification. This illustrates 
the potential of ADLs as practical tools for development of the Reference Model 
Architecture and software designs in general. 

The use of an ADL to verify the behavior of an application system de- 
sign against the Reference Model Architecture was demonstrated as a proof-of- 
concept in the Control Node prototype. However, RCS domain experts maintain 
that verification of the system topology is at least equally important for the 
Reference Model Architecture. This form of verification involves showing that 
the application system contains the same basic structure including components, 
event connections, and data structures as the Reference Model. As a result, two 
kinds of verification are important from the standpoint of RCS. The first is ve- 
rification to the structure of the Reference Architecture including existence of 
specific components, events, and control flows. The second is verification of be- 
havior, including behavior within components and behavior across component 
connections and an entire architecture. Verification of behavior is the focus of 
Rapide. 

Further research is necessary to define techniques for demonstrating con- 
sistency with system topology. Work in extending Rapide' s POSET model to 
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verification of system structure has been reported in [27]. In SADL [19], Mori- 
coni describes a general approach, called architectural refinement, that utilizes 
theorem proving techniques. In this approach, proofs are constructed to show 
that in the case when a more general or abstract architecture is applied to pro- 
duce a more detailed design, that any system that correctly implements the more 
detailed design also correctly implements the abstract architecture. Refinement 
is used to demonstrate correctness with respect to the connectivity of events 
between modules at different levels of abstraction; and this approach may be 
applicable to the problem of verifying application system designs. 

5.2 Appropriate Abstractions for RCS Architectures 

Owing to evidence in biological systems and theory of control science, RCS pre- 
scribes rules for decomposing the control hierarchy for a system. In his “Outline 
for a Theory of Intelligence,” [2], Albus proposed that: 

“In a hierarchically structured, goal-driven sensory interactive, intelligent 
control system architecture, control bandwidth decreases about an order of ma- 
gnitude at each higher level, perceptual resolution of spatial and temporal pat- 
terns decreases about an order of magnitude at each higher level, goals expand 
in scope and planning horizons expand in space and time about an order of ma- 
gnitude at each higher level, and models of the world and memories of events 
decrease in resolution and expand in spatial and temporal range by about an 
order of magnitude at each higher level.” 

These English language rules must be encoded into ADLs in order to repre- 
sent fully the semantics of an RCS system. Temporal scales and spatial extents 
relative to other levels of the hierarchy must be represented and validated. While 
existing ADLs can meet some of these requirements, further work on ADLs ad- 
ding methods to define these measures and to express constraints among them 
is needed to allow specifications such as those quoted to be stated and applied. 

The syntactic description was simplified and altered to conform to the de- 
scriptive forms familiar to RCS experts. RCS experts found specifications much 
easier to understand when RCS terminology was used. As an example of this 
approach, instead of declaring an RCS module such as SCHEDULER as a compo- 
nent or interface type, it should be possible to introduce a higher-level language 
type called RCS .Module in a specification that could serve as a “meta type” 
for the definition of interface types that are specific to RCS such as SCHEDU- 
LER. As a long-term goal, ADLs should allow specifications to be stated at 
a sufficiently high level of abstraction for non-computer scientists so that they 
are easier to understand than a program written in C-|— 1-. This argues for the 
development of either a flexible ADL with an extensible syntax that can be 
specialized for RCS or a domain-specific ADL that utilizes RCS terminology. 

To facilitate communication of RCS system behavior, an ADL must provide 
an effective means for abstractly specifying algorithms, component behavior, 
and performance. While some ADLs may allow representation of all or most of 
the behavior needed for RCS, this requirement may lead to defining additional 
language constructs to more directly represent specific RCS behavior. It may also 
require additional facilities for guiding developers in generating their component 
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specifications, through for example, templates that they can fill in, as proposed 
in [12] and [17]. As with system structure, such capabilities would allow ADLs 
to specify essential aspects of behavior at a higher level of abstraction than for 
programming languages. These capabilities could be part of a domain-specific 
ADL with a syntax that is customized for RCS systems. 



5.3 General Software Development Support 

It is often important to be able to divide the processing into atomic processing 
components that can be executed serially or in parallel, which will facilitate pro- 
cess cessation and make it deterministic. Therefore, it is important that an ADL 
be able to specify processing characteristics such as process modularization, par- 
allel and serial execution. Serial and parallel processing capabilities are provided 
by some ADLs, including Rapide. 

It is desirable to allow capturing performance statistics, such as timing, sta- 
tes, and errors. These would be useful in system diagnostics and maintenance. It 
should be noted that Rapide does provide the capability to capture time-related 
data which could not be exercised in this study due to resource limitations. 

For designing real-time systems, an ADL should define notions of duration 
in time of processes, mixed asynchronous and synchronous processing, spatial 
scope of a process or set of processes, algorithm and component complexity, and 
determinism in execution. 

One of the benefits of rigorously specifying RCS designs is that it is possible 
to check the completeness and internal consistency of the reference model ar- 
chitecture before it is used as a basis for developing individual system designs. 
By providing a basis for formalized, or at least rigorous specification, most ADL 
products surveyed also provide a basis for development of automated analysis 
capabilities. In the case of Rapide, analysis is based on simulation of the execu- 
tion of a system architecture and analysis of POSET traces. This proved to be 
valuable for visualizing, understanding, and verifying system behavior. 

Other ADLs take different approaches using automated tools for analysis 
of specifications based on formal methods approaches. SADL [20] uses w-logic, 
a weak second-order logic, as a basis for proving the correctness of mappings 
between architectures at different levels of abstraction. Wright [6] uses First- 
Order Logic to specify constraints and a Communicating Sequential Processes 
(CSP) computational model to specify behavior of components and connections, 
providing a basis for a set of automated checks on specification consistency and 
completeness. Examples from Wright are checks that determine the existence of 
a deadlock condition within the specification of the behavior of an architecture 
and checks to determine compatibility between connections and components. 



5.4 Transfer of ADL Concepts into Real-Time Development Tools 

Presently, there are a number of public domain and commercially available soft- 
ware support tools for design and simulation of real-time software systems. These 
tools have well-developed facilities for designing and implementing individual 
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software systems. However, they do not typically provide any guidance to users 
about how to structure their system or make other design decisions. ADLs intro- 
duce notions of software architecture that could potentially provide additional 
structure in order to improve the capabilities of these tools. Users or enterpri- 
ses could set preferences in term of which architecture or architectural style is 
to be used in developing systems. The tools would then either guide designers 
as the system is being developed or could flag situations where the architec- 
ture or style are violated. Further effort is necessary to explore the potential 
of infusing ADL concepts into real-time development support tools. This ave- 
nue could provide the benefits of ADLs to end users while shielding them from 
having to learn a new language and concepts. The real-time development tools 
would guide users in constructing systems per rules for a prescribed architecture 
through their graphical user interfaces. The users would not be burdened with 
the underlying mechanics of the ADL specification. In addition to design, ana- 
lysis and simulation capabilities from the ADLs could be incorporated into the 
tools. The tools could generate executable or source code. This would automati- 
cally assure traceability from the desired architecture through to the executable 
code. Eventually, tools using ADLs could support highly automated composition 
of real-time systems from existing or tailorable components. 

5.5 ADLs and Component-Based Software Reuse 

There is potentially a strong relationship between ADLs and component-based 
software reuse. ADLs go beyond providing just the signature specification for a 
component or subsystem. They allow developers to see the big picture, where 
their particular pieces fit in, and how the pieces are expected to behave or inter- 
act with the rest of the system. Simulation of components provides additional 
benefits not available in typical notations or descriptions of software components. 

ADLs could be extended to support reuse with additions of specific language 
features based on reuse concepts from the literature on domain engineering [14] 
[24] [25], thus providing a basis for automation of software development. Domain 
engineering is the process of developing reusable software for a family of systems 
with similar requirements. An architecture specification may identify optional 
components, parameterizable components, or even entire subarchitectures that 
can be varied. Guidelines would be used by developers with the aid of support 
tools to select options and customize the specification for particular applications. 
This concept could be further extended by the use of software support tools that 
assist developers in selecting and modifying system designs and components. The 
resulting system specifications potentially could be automatically composed and 
generated using the support tools. An example of such a system for automated 
generation of system requirements is provided in [8] . 

6 Summary 

This report has provided the results of an investigation into the use of architec- 
tural description languages to represent the RCS Reference Model Architecture 
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and RCS software components. ADLs have the capabilities to represent RCS 
and to be useful tools for further developing RCS. However, several areas of 
research are suggested in order to make ADLs more effective tools for RCS soft- 
ware specifications. Transfer of ADL concepts into existing real-time software 
development tools is another important direction to pursue. It is the hope of the 
authors that this work provides a contribution towards both the development of 
ADLs as tools for software component technology and the formalization of the 
RCS Reference Model Architecture. 
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Abstract. Conceptual Design methods place some intermediate solution steps 
between problem definition and final technical solution. Functional 
Decomposition is such a method which aims at finding solution concepts in 
terms of functions first and, after that, technical realisations for the individual 
functions. The role of mathematical models in conceptual design is to provide 
some coarse quantitative assessment of certain solution concepts, and 
furthermore, to clarify the relationship between the Functional Requirements 
and the Design Parameters. Later on, in the more detailed design steps refined 
mathematical models are used. What is their relation to the early models used 
in conceptual design? The concept of perturbation analysis seems to provide a 
framework for defining and understanding these relationships. 



1 Conceptual Design and Functional Decomposition 

Formally, design could be defined as a mapping from the space of required 
functionality (RF) on a certain system under consideration (SUC) to the space of 
feasible technical solutions (TSs), see Fig. 1. For even moderate complex design 
tasks, one never will know all TSs, even more, one cannot say something about the 
structure of this space. 

Design is a bi-directional process (see Fig. 2). First - in a forward step - some 
seemingly possible solutions are picked up, which then - in a backward step - have 
to be analysed whether or not the given requirements are be fulfilled. Normally, a 
great number of forward (creative) steps and backward (analysis) steps must be run, 
until a satisfactory solution is obtained. 

A direct way from the RF to the detailed TS mostly is impossible. Some 
intermediate planning levels - conceptual design stages - must be placed in between 
to find feasible solutions in reasonable time and at reasonable expense. So far, this is 
common practice in design, whereas the methods and principles applied in this 
conceptual design phase differ strongly. A vast number of conceptual design 
strategies based on various terms - often for the same idea - have been developed [4- 
7], there are different personal styles, and different needs of the diverse industrial 
branches. 
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Fig. 1. Desing:= mapping Required Functionality to the Space of Technical Solutions 
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Fig. 2. Conceptual Design, forward creation and backward analysis 

A direct way from the RF to the detailed TS mostly is impossible. Some 
intermediate planning levels - conceptual design stages - must be placed in between 
to find feasible solutions in reasonable time and at reasonable expense. So far, this is 
common practice in design, whereas the methods and principles applied in this 
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conceptual design phase differ strongly. A vast number of conceptual design 
strategies based on various terms - often for the same idea - have been developed [4- 
7], there are different personal styles, and different needs of the diverse industrial 
branches. 

A widely addressed principle in conceptual design is, to think in terms of 
functions and not in terms of technical solutions [4-6]. In a very clear and expressed 
way, this is proclaimed by Suh [7], who also introduces the terms Functional 
Requirement (FR) and Functional Decomposition. The clear definition of the design 
task in terms of a minimal number of independent FRs is a major issue to apply his 
design principles. This is a very challenging but decisive step for the final success. 
Of particular importance and difficulty is to work out the minimal number of FRs 
and to relate them to the needs of the customer. 

In [1,2], the authors define a Functional Solution Concept (FSC) to be a class 
of technical realisations (TRs). In other words, an FSC constitutes a subsets of all 
the feasible TRs, which have some common properties. Since FSCs are defined in 
terms of physical functions, like, for instance, guiding or positioning of mechanical 
parts, or amplifying a voltage, they seem fully independent of the technical 
realisation. From a design viewpoint this is inadequate, because a concept for which 
not even one technical realisation exists, is useless. Even more, design engineers 
rarely think only in abstract terms. Very often, a new concept is initiated by specific 
technical solution which in a second step is elevated to the more abstract level of a 
functional solution concept. 

The solution is generalised to a class of solutions by picking out some essentials. 
This supports to find other TSs, belonging to the same FSC as well as to seek for 
alternative FSCs. These diverse FSCs must be evaluated comparatively with respect 
to the RF to skip non promising concepts. This is much faster and cheaper then 
evaluating all the TSs. However, at abstract levels feasibility never can be judged 
completely, because obstacles can arise at a later, more detailed stage. Thus, 
fulfilment of the FR at the FSC-level only is a necessary but never a sufficient 
condition. 

Design not only aims at fulfilment of requirements but also at optimality. Since 
in practice various criteria do exist, design is a multi-criteria optimisation problem, 
for which a strict optimum is not defined [10]. From the conceptual design 
viewpoint the question arises how to judge on the different FSCs with respect to 
their potential to become an “optimal” solution. To our knowledge, so far only Suh 
[7] has addressed this question - at least implicitly - by his design axioms. As a brief 
of his ideas, simple structured FSCs have a higher potential than complex ones. 

From the practical design viewpoint a systematic conceptual design approach 
should be 

• leading to a modular design and supporting parametric variant design - where 
advantageous 

• acting as a guidance for an overall systematic design process (also for detail 
design) 

• giving a sound strategy for the selection of special variant design parameters - 
where advantageous 

• leading to a standardisation of the documentation of the design process 

• giving good support for later detail design work 
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• giving a better understanding of the problem structure of very large and 
complex SUCs 

A lot of the just described aims and purposes only can be realised for complex 
technical systems, if the design process, in particular also the conceptual phase, is 
computer assisted. For a broad practical acceptance, computer assistance should 
fulfil several common demands on modern software. It should be easy to handle, 
should have user friendly interfaces, should be based to a large extent on 
standardised and widespread software, and furthermore, it should be compatible to 
the other CAE-tools in use. Design and its documentation requires different software 
packages, ranging from common CAD tools, computer simulation environments and 
mathematical programs to simple editors and data bank systems for the description 
of the design process and knowledge data. 

In [8] the authors have presented a software based on the data bank system MS 
Access to map the FD structure and all the relevant data on the computer. 



2 Mathematical Modelling and Perturbation Analysis 



A competent evaluation of the different FSCs also requires some qualitative 
evaluation of its structure and an assessment of its feasibility to meet the FRs also 
quantitatively. For this purpose mathematical models are useful whereas not always 
available. As a vague definition, if they reflect the essence of a certain FSC in the 
light of the given FRs, we call them Essential Mathematical Models (EMM). 

The EMM should represent the relationship between the relevant physical 
balance and material laws, the FRs, and DPs. As indicated in the Dependency Graph 
(DG) in Fig. 3, the state X (or functionals of it) of the system and the FRs and DPs 
are involved. Clearly, the state X can be more complex than a vector, it is for 
instance an element of a function space if field problems are involved. 

Suh’s first of his two design axioms [7, page 47], the so called independence 
axiom, claims that a good solution concept is characterised by an uncoupled relation 
between the FRs and the DPs. This can be easily checked by the EMM. 

If the state X is discrete, the relationship between the DPs and the state X may be 
expressed by the incidence matrix B\ 

X = BDP 

with X E , DP E R^°‘‘ and B g{r X R ^ dp j . ^ means depends on. 

Furthermore, there is also a relationship between the FRs and the state X: 



™ = {™“};raa=C„ V ,FRp=Ai,^DP 

with XeR”^ , FR^eR“, Cq, g (i? " X i? FR^e , and 
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{X} 




Fig. 3. Dependency Graph 

Combining these dependency relations, we get the dependency between the FRs 
and the DPs. 

FRa=Ca X ■ B ■ DP = T„ ■ DP ■, 

FRp =Ap DP = Tp DP 

FR = \^ \ = DP = T ■ DP- DP = T~^ ■ FR = V ■ FR 
[FRp] \Tp\ 



A second purpose of mathematical models is to rule out whether the required 
functionality also can be met in quantitative terms, geometrically spoken, does the 
space of reachable FRs (see Fig. 4) include the required value of FRs. This, off 
course, needs some information on realistic values of the DPs, which is a technical 
statement. Quite often, from the general technical knowledge we have an idea of 
realistic values of certain parameters. For instance, strength parameters or density of 
metals, torque and power of certain classes of electrical drives, to name only a few. 

EMMs preferably should be analytic models. Then, all the above manipulations 
can be done automatically in any modern symbolic manipulation program as 
outlined in more detail in [9]. 

The EMMs must incorporate the design parameters (DPs) but not always in 
technical terms, because the technical details appear only at later phases of the 
whole decomposition. Clearly, there must be some equivalence between the possibly 
abstract DPs in the EMM and the final technical DPs. Thus, the EMMs rule out the 
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Fig.4. Quantitative Assessment 



influence of the main parameters of a certain model. As an example we consider the 
bending stiffness of a beam in beam theory model and the corresponding cross 
sectional parameters of the technical beam. 

At more detailed levels, further and more refined models (RFMs) are used. We 
expect them to better approximate reality of this detailed design than the EMMs. As 
the RFMs refer to a more detailed system they need more data, are more complex, 
need more time to be set up and to get results (run simulation). But, what is their 
relation to the EMMs? 

As explained above, the results obtained by the EMMs should not be fully 
contradicted by the RFMs, otherwise the EMMs are of little use. But how to 
compare these models? At the RFM level more and possibly different DPs are 
involved, and the state space X is of higher dimension. What are the relevant criteria 
for neighbourhood of simple models, in particular EMMs, to reality or to RFMs 
from a design point of view? In more mathematical terms, is there an adequate 
“metric” to judge on the distance between different models, and, furthermore, 
somewhat like a universal rule, to assign the attribute “essential” to a model? 

Following Nam P. Suh, see [7], the design is assessed by the fulfilment of the 
RF in terms of the FRs. In order to operate mathematically, these FRs must be 
mathematical expressions. They involve some functions of state of the system and 
map it to the “space of FRs”. 

These questions are related to the class property of a certain FSC. With the 
additional parameters of an RFM the system behaviour is modified. If we go to 
extremes of these parameters the basic functioning principles and the validity of the 
EMMs - quite often - can be destroyed. Consider again the beam model of beam 
theory and an actual beam with its real dimensions and its modelling as 3D elasticity 
problem. If slenderness of the beam is violated or loading conditions are beyond 
those of elementary beam theory, it is no more valid, even qualitatively. 
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Definition. The characteristic property of an EMM is, that for any related refined 
functional model (RFM), in principle a combination of all its parameters exists, 
which gives the same values of the FRs, and that the additional parameters of the 
RFMs - those not existing or having a pendant in the EMM - influence the FRs in a 
regular manner, in particular, as a regular perturbation. 

Seemingly, this is in contradiction to the fact that a refined model with additional 
degrees of freedom quite often is a singular perturbation of the original, simpler 
model, for instance in dynamics, if the evolution of the states of both models is 
compared under general initial conditions. The discrepancy is resolved, because 
what counts is not the system behaviour under any general (e.g., initial) condition 
but the fulfilment of the FRs, which are functionals of state, under realistic 
conditions. 



3 Conclusion 

The Functional Decomposition method provides a hierarchically structured approach 
in the conceptual design of technical systems. It not only helps to find a good 
technical solution for a give problem but also reflects the “problem structure” as 
well as the design history, if it is properly documented. Its documentation even for 
moderately complex systems needs computer support. Data bank system are well 
suited for this purpose. 

Mathematical models of different complexity should convene the design 
process. At the rather abstract level of functional solution concepts so called 
Essential Mathematical Models help to evaluate the diverse concepts. For the 
qualitative evaluation the application of Suh’s independence axiom is recommended. 

The refined mathematical models used at later, more detailed stages of design 
should be in reasonable neighbourhood of the results of the Essential Models. A 
concept for defining this neighbourhood is regular perturbation with respect to the 
Functional Requirements and the Design Parameters. 
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Abstract. In order to model complex systems it is indispensable to structure the 
modelings. The mechanism of abstraction as well as the usage of views is very 
helpful for structuring. In this paper I will discuss these aspects in the context of 
Petri systems in order to get fundamental definitions. It turns out, that with 
respect to many different definitions of Petri systems only a “generic 
definition” is possible. To get final definitions for concrete types of Petri 
systems it requires much further work. 



1 Introduction 

It is very well known that Petri systems are well suited for the modeling of concurrent 
systems. In practice such modelings rapidly become very big. Thus this results in the 
task to structure modelings using Petri system approaches adequately. Therefore we 
have to answer the following question: What are appropriate structurings for Petri 
systems? Structuring especially means to show how to describe parts or aspects of 
systems in a comprehensible way as well as how to compose the total system from 
these partial descriptions. 

Abstraction is a well known concept of structuring also applied in the world of 
Petri systems. Abstraction means to represent a whole subnet or subsystem by only 
one node in a coarsened presentation, or the other way around: a coarse node is 
refined into the associated subnet or subsystem. Usually Petri system descriptions 
using this presentation are called hierarchical. In the literature different variations of 
this concept are available (cf e.g. [1], [2], [3]). I prefer the approach of Fehling ([1], 
[2]) because this one succeeds (in contrast to other definitions) in the modeling of the 
refinement of adjacent nodes (cf [4], [5]). This is a very useful property. 

A second form of structured modeling is available in tools for generating and 
editing graphics in the possibility to apply levels, transparencies or layers. With them 
a whole description of something can be generated by piling up transparencies where 
each of the transparencies presents the description of an aspect or - in other words - a 
view of the total system. This sort of structuring too has been demonstrated as 
meaningful in the context of Petri systems. The development of this second main idea 

F. Pichler, R. Moreno-Diaz, and P. Kopacek (Eds.): EUROCAST’99, LNCS 1798, pp. 46-54, 2000. 
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for Petri nets as well as the problems emerging from the application for the modeling 
of systems can be found in [6]. 

Thus we have to solve the task to give a Petri systems definition including both 
possibilities of structuring simultanously. Its a pity that I am not able to give a 
comprehensive definition for that. But ITl suggest how to generate a collection of 
definitions to approach the aim mentioned above. This paper is a modified, partly 
enhanced and partly shortened version of [7]. 



2 Towards Defining AV-Systems 

In order to apply structurings as mentioned above, it seems to be a good approach to 
„orthogonally“ enhance unstructured Petri net modelings by both possibilities of 
structuring. That means the enhancements have to be given independently from each 
other. I will give the answer in two steps: At first I will treat the problem only for the 
nets underlying the Petri systems. Then 1 will enhance the results to system 
descriptions. 



2.1 Examples for Abstraction and Views 

Let's start with parts of examples for showing the phenomena of abstraction as well 
as views (already for systems). Here I am not interested in explaining the modeling of 
the concrete examples themselves. 
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2.1.1 A Model of a Pipelined Processor 

At first we will discuss abstraction by looking on an example. In Fig. 1 a flat mode- 
ling of a simple pipelined processor is given as a DSPN-modeling. 

Even this small example of a complex modeling in this representation is not easy to 
explain. But the developer can easily decompose the whole modeling into different 
components as depicted in Fig. 2. 




Thus it is possible to tell the whole story describing the total system by the smaller 
and thus comprehensible components and the interfaces between them. In addition a 



♦ 




Fig. 3. Part of the morphism between the detailed and the coarsened description 
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rough description of the overall connections of the components would be very helpful 
for a good understanding. 

Under some circumstances - which are fulfilled in the example above - the over- 
view describing the connections of the components itself can be given by a Petri net, 
where the components are represented by single, coarsened nodes. The main 
condition is that the boundary of a component only contains elements of one sort: 
only places or only transitions. The coarsened node representing a component has to 
be from the same sort as the elements from the boundary. An edge between coarsened 
nodes will emerge when there exists an edge between the represented components. It 
turns out that this leads to a Petri net morphism from the detailed to the rough 
description. In Fig. 3. this relation is partly illustrated (only for 3 components). 

This first example has discussed the aspects of abstraction using a bottom up- 
approach. This does not mean that abstraction is only useful in such cases. 
Abstraction is also useful in a top-down approach as well as in mixtured versions like 
“jojo”. (Cf. e.g. [8]). The discussion of abstraction using the example above can be 
found in more detail in [5]. 



2.1.2 A Model of Dialing 

Now we will discuss the main idea of views by looking on another example. 

In Fig. 4. an overall modeling of dialing between A and B as a condition/event sys- 
tem enhanced by inhibitior arcs is given. 



A free 



B free 




B has ended 
the call to A 
04 - 

Fig. 4. Dialing between A and B, modeled by a condition/event system 




50 



G. Dittrich 



In order to restrict to parts more easily to comprehend this description will be 
decomposed with respect to different aspects, here denoted as views described in 
layers. 

A suggested division into different aspects will be to model that A dials the number 
of B. This will be done from the viewpoint of A giving the regular behaviour descri- 
bed in a layer 1 and the abnormal behaviour (exception handling) described in a layer 
2. A full description of the whole story encompasses this behaviour from the 
viewpoint of B in a layer 3 and in addition all these aspects by interchanging A and B 




A free 




ceiver before B 



A and B are talking 
Fig. 7. Layer 1 + 2 



(layers 4-6). Here 
only layer 1 and layer 
2 will be shown as Fig. 
5. and Fig. 6. In Fig. 7. 
the union of layer 1 
and 2 is depicted. This 
points out that the 
intersection is nontri- 
vial (in contrast to the 
case in Section 2 . 1 . 1 ) . 

To look at the full 
modeling please confer 
[ 6 ]. 

Thus the main idea 
behind views is to 
model the whole sys- 
tem as a “union” of 
(may be non disjoint) 
subsystems. 




AV-Petri Systems: How to Get Together Abstraction and Views for Petri Systems? 



51 



2.2 Abstraction and Views for Nets 



In this section the approach will be discussed only regarding the underlying Petri nets 
of whole system descriptions. 

2.2.1 In the approach of Fehling ([1], [2]) the modeling of abstraction of Petri nets is 
consequently elaborated. As suggested in the example of section 2.1.1 in this 
approach whole subnets fulfilling some conditions concerning their „borders“ may be 

represented by nodes. The relations 
between the subnets again may be 
described by a Petri net, the overall net 
using the coarse nodes, which represent 
the subnets. Subnets represented by 
coarse nodes fulfill the relation „is part 
of ‘ or „is disjoint". 

The abstraction (coarse) nodes (in Fig. 
8. depicted in black) represent the 
subnets „lying under that node". That 
means that subnet, that is spanned by the 
leaf nodes which are directly or 
indirectly associated to the abstraction 
node by the vertical, dashed depicted 
edges. These edges represent the „is in 
the refinement of ‘ - function. 

Fehling’s definition of a hierarchical Petri net (cf [1], p. 64) is essentially as 
follows (up to modifications in notation). We will denote the same concept as an A- 
net (because showing abstractions). 

HN= (P, T; F, (f, P,, T,, ±)) is anH- net 
:<=> 1. N = (Pu P^, Tu T^; F) is a Petri net 

(in general including many isolated nodes). 

2. f: X ^ Xu {_L} with X := Pu P^ u T u T^ is a function. 

3. Conditions (HNj) for i = 1,2,3 are fulfilled. 

The (here not explicitly given) conditions HNj ensure: The abstractions are 
captured by the function f, representing a tree (in Fig. 8. depicted by the „vertical" 
edges). The nodes representing abstractions (elements from P^u TJ are the internal 
nodes of the tree. The actually modeled („fiaf ‘) net (in Fig. 8. depicted by gray nodes 
and edges between them) is described by the nodes that are leaves under f (elements 
from PuT) and the edges F which only occur between leaf nodes. Edges from or to 
abstraction nodes are not explicitly described in this definition. But they can be 
induced from elements of F. Thus the flat net (P,T; F) is explicitely included in the 
definition of an A-net. 




Fig. 8. Example of a ..hierarchical" Petri net 
due to Fehling. 
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2.2.2 As suggested in the example of section 2.1.2 an other form of decomposition 
into subnets not obeying the above mentionend conditions has been approved as 
meaningful, namely to decompose into (in general non disjoint) subnets, such that the 
gluing of those subnets represents the whole net. In [6] this operation is introduced as 
the union of subnets. Obviously this leads to a second - from the description via 
abstractions independent - structured presentation of a whole net. 

VN = (N, TN) is a V-net 

:<=> 1. N = (P, T; F) is a Petri net (in general with isolated nodes). 

2. TN = ((Pj, T; Fj)| i = 1, ...,n ) is a collection of n subnets of N with 
P = u, P,T = u, T,F = u, F. . 

1=1, ..,n 1 * 1=1,.., n 1 ’ 1=1,.., n i 

Remark: The union of finitely many subnets again yields a subnet. 

2.2.3 Thus we get as the basic definition of a Petri net with abstraction and views: 

AVN = (N, f , TN) is an A V-net 

:<=> 1. (N, f ) is an A-net with f = (f, P^,T^,_L) 

2. (N, TN) is a V-net. 

Obviously we got the required properties mentioned above, namely both 
structurings independently. 



2.3 Abstraction and Views for Systems 

Now I am interested in answering the following question: how to apply this basic idea 
developed to nets to models of systems? 

Systems in addition to the description of the underlying net contain information to 
describe the dynamics on the net by informations attached to transitions, places and 
edges. 

E. g. a place/transition system can be described as PTsys = (P, T, F; C, W, M) (e.g. 
cf [9], [10]). There (P, T; F) denotes the (underlying) Petri net of PTsys, C is a func- 
tion attaching capacities to nodes, W is a function attaching weights to the edges and 
M denotes a start marking. Additionally a firing rule is given. This firing rule in 
connection with C, W, and M are sufficient to derive the dynamics of the system 
description. In this sense we speak of a system and its underlying net. 

The here suggested main approach is as follows: Only the flat net, the first 
component in the above given definition of structured nets, has to be enhanced to a 
system description. 

But for that we have to fulfil the following condition: All subnets induced by the 
structurings applying abstractions or views to a net indeed induce subsystems. This 
condition in general may be invalid. But this demand makes sense, because this 
ensures to decompose the whole system into (may be non disjoint) subsystems which 
can be analysed or validated in advance before doing so with the modeling of the total 
system. 
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In order to apply this idea independently from a system type, the approach will be 
formulated relatively to a given system type. Insofar the definition will be a 
parameterized one. Informally speaking a system type shall describe a class of Petri 
nets with a uniformly described dynamics on the nets. Thus let PST be a Petri system 
type. Examples of Petri system types are C/E systems, P/T systems, colored systems, 
(C.f e.g.[ll],[12],[13]). 

Let C(PST) be the class of all system descriptions relative to the system type PST. 

Let: Union(PST): C(PST) x C(PST) ^ C(PST) 

(may be partial) operation (Union of system descriptions) 

Intersec(PST): C(PST) x C(PST) ^ C(PST) 

(may be partial) operation (Intersection of system descriptions). 

AVS = (Sys, f , TN) is an A V-system of type PST 

1 . Sys is element of C(PST). 

2. (N, f , TN) is an AV-net, where N is the net underlying Sys. 

3. Each subnet got by applying a structuring component induces a subsystem 
of Sys. 

4. The set of so generated subsystems is closed under Union(PST) and 
Intersec (PST). 

Remarks: 

• Union and intersection, respectively, of systems are in general not well defined in a 
natural manner. For further information to this point cf e.g. [6], [7]. 

• Because of the given parametrization by PST the approach from above only yields a 
schema of definition. Thus one has to elaborate in each concrete case, what union 
and intersection does mean. Surely this is a disadvantage. 

• On the other side it is an advantage to have a universal approach. Thus it is not 
neccessary to repeat the development of the main idea for each type separately. 



3 Outlook 

A lot of additional tasks remains to be handled. 

• We have to elaborate some concrete AV-system definitions, that means we have to 
fix a Petri system type and define special operations union and intersection conform 
with the definition of AV-system. 

• For sure it is important to work out some further basic concepts like „building 
block“ in the context of this approach. The special case to model in an object- 
oriented manner using Petri systems seems to be a very interesting and important 
one. 

• In order to apply the concepts developed above in reality it is indispensable to 
develop tools supporting those concepts. 
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Abstract In applications of formal methods, the problem of how to 
establish the correctness of the initial formalization step is an often un- 
derestimated aspect of the system design process. We propose a method- 
ology based on the construction of a mathematical model which reflects 
the given system so closely that the correctness can be established by 
observation and experimentation {ground model). Complex technical sys- 
tems are often heterogeneous, so that different system aspects are best 
modelled by means of different techniques. This leads to heterogeneous 
ground models. To achieve a consistent and coherent view of hetero- 
geneous behavioural models, which is a prerequisite for any systematic 
analysis and validation, we introduce a common semantic framework 
{meta-model) based on the notion of Abstract State Machines. We ex- 
emplify our methodology by an industrial case study from automated 
manufacturing, the distributed control for a material flow system (MFS). 



1 Introduction 

Gomplex technical systems in virtually all application areas increasingly rely 
on embedded hardware/software components performing various control opera- 
tions and supervision tasks. Typical examples are automotive control, industrial 
automation and extended telecommunication services. In general, one can ob- 
serve a strong tendency towards distributed solutions running on heterogeneous 
system platforms that are interconnected through networks. As such they are 
characterized by their concurrent, reactive and object-based nature (perform- 
ing operations that are often subject to external timing constraints). Gomplex 
embedded systems are frequently realized as loosely-coupled aggregations of dis- 
parate components performing specialized tasks rather than monolithic architec- 
tures with a regular structure [14,15]. Engineering of complex embedded systems 
usually involves several domain specific description techniques in order to deal 
with distinct facets of system behaviour at various abstraction levels. Heteroge- 
neous modelling approaches offer additional expressiveness and flexibility (e.g. 
allow for more adequate and natural abstractions) resulting in more realistic and 
reliable descriptions. On the other hand, any systematic analysis and validation 
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of heterogeneously specified system models requires a coherent and consistent 
view of the underlying behavioural models such that relevant system proper- 
ties can be inspected. This situation calls for integrated specification and design 
approaches^ allowing to combine different models of computation and data in 
such a way that the interfaces between the various system components and the 
dependency of internal system operations on external actions and events (e.g. 
as associated with the environment into which a system is embedded) become 
transparent. 

Systems Theory faces the challenging task of finding the right abstractions 
to cope with complexity, diversity and the presence of “dirty” system features 
(which one usually encounters in real life systems). Of particular importance is 
the role of Systems Theory for macro-architecting providing means for a sys- 
tematic construction, analysis and transformation of formal models as well as 
its ability to interpret different kinds of formal models with respect to domain- 
specific models [12]. In the work presented here, we concentrate on discrete be- 
havioural models of distributed embedded systems with the objective to support 
high-level analysis and validation of dynamic system properties. 

This paper is structured as follows. We begin, in Sect. 2, with a methodologi- 
cal discussion about the problem of mathematical modelling of non-mathematical 
reality {initial formalization step) and outline our approach {ground model con- 
struction). The problem of integrating heterogeneous system models (including 
ground models) is discussed in Sect. 3. The basic notions of Abstract State Ma- 
chines, which are the foundation of our integration approach, are recalled in 
Sect. 4. Then, in Sect. 5, we present a case study from automated manufactur- 
ing to illustrate the proposed methodology (from both points of view, ground 
model construction and integration of heterogeneous models). Finally, in Sect. 6, 
we conclude with some remarks about lessons learned and future research. 



2 Reliable Ground Models 

Formal specification and verification methods and tools offer a variety of math- 
ematical modelling and proof techniques supporting the entire system design 
process from abstract requirements specifications down to concrete realizations. 
At any given abstraction level, the correctness of a model that is obtained as re- 
sult of some refinement step can in principle be proved. There is however no way 
of proving correctness of the initial formalization step, i.e. the relation between 
a formal (mathematical) model and the part of the real (physical) world this 
model is intended to describe. Consequently, one never gains absolute evidence 
on whether a formal model faithfully “implements” the user’s (or customer’s) 
intuitions about the expected system behaviour, nor whether the implications 
resulting from the stated requirements are completely and correctly understood 
so that any unexpected and undesirable behaviour is a priori excluded. 

^ Specification and design is meant here in a fairly general sense also including reverse 
engineering as well as reusability aspects. 
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In other words, a formal basis alone does not automatically lead to models 
that fulfill their requirements; even if a model is proved to have certain properties 
this does not necessarily mean that it is correct in the sense that the model really 
fits into a given (physical or system) environment, since assumptions on which 
such proofs are based may be incomplete or wrong. Practical experiences with 
formal methods indeed show that such “mismatchings” do frequently occur when 
real world phenomena are involved. 

Now, the question then is: “How can we establish that a formal requirements 
specification of some computer-based system actually formalizes our intuitive 
understanding of system behaviour in the given context in which this behaviour 
is to be regarded?”, or shorter, “How can one establish that a model is faithful 
to reality?'" . The approach documented here relies on the assumption that this 
can be done by constructing a mathematical model which reflects the given 
system so closely that the correctness can be established by observation and 
experimentation (cf. [7], p. 9). Such a model is called a ground model. 

The quality of ground models considerably depends on the underlying ab- 
stractions for dealing with real-world phenomena, i.e. on the way in which basic 
objects and operations of a ground model are related to basic entities and actions 
as observed in the real world. This also influences the choice of the formalism: 
some formalisms are more appropriate than others to formalize particular kinds 
of systems in an intuitively transparent way, as their underlying abstractions 
are closer to the nature of the system under consideration.^ Quite often, differ- 
ent formalisms are needed for modelling different parts or aspects of the same 
system, such that — in the end — they coexist in the same ground model {hetero- 
geneous modelling). This leads to the integration problem and to the need for a 
unifying meta-model, as discussed in detail in the next section. 

Regarding the construction of ground models (as part of the system analysis 
and design process), one can identify general principles for justifying their appro- 
priateness and validity. In a discussion of methodological guidelines building on 
epistemological insights, Egon Borger convincingly argues that this justification 
process has three basic dimensions ([2], Sect. 2.2): 

Conceptual justification aims at a direct comparison of the ground model 
with a given part of the real world (e.g. as described by an informal require- 
ment specification). 

Experimental justification can be provided for the ground model by accom- 
panying it with clearly stated system test and verification conditions (system 
acceptance plan), i.e. falsifiability criteria in the Popperian sense [13] which 
lay the ground for objectively analyzable and repeatable experiments. 

^ In particular, the relation between the given system and its formal model should 
be made as evident as possible: in fact, the model should be readily understood 
by persons who are experts of the application domain, but not necessarily of the 
formalism, as their judgements are essential to establish whether the model is faithful 
to reality. In this respect, graphical formalisms with a precise semantics can be very 
useful. 
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Mathematical justification As opposed to the conceptual and experimental 
justification of a ground model, the mathematical justification aims at es- 
tablishing its internal consistency and is essentially a problem of high-level 
reasoning and (where possible machine assisted) proof checking. 

The reliability of ground models is an often underestimated aspect in applied 
systems engineering. Taking into account possible consequences of specification 
errors that are not discovered in early design phases, the validation of formal 
requirement specifications by means of conceptual and experimental means is 
certainly one of the most important steps in the entire system design and de- 
velopment process (albeit, the best we can achieve is a “pragmatic foundations^ 
[2]).^ Once we have established the adequacy and validity of a ground model with 
sufficient confidence and evidence, other models (also models expressed in other 
formalisms, e.g. as required for machine-supported analysis and proofs) may be 
derived by applying purely mathematical transformation techniques (where the 
correctness of each transformation step can in principle be proved in a strict 
mathematical sense). 

3 Heterogeneous System Modelling 

In this section, we first discuss the integration of heterogeneous system models 
from a general perspective. Then we focus on the integration of (heterogeneously 
specified) controller and device models. 



3.1 Overview 

Complex technical systems are, by their very nature, heterogeneous: they may 
consist of mechanical and electronic devices, sensors and actuators, measuring 
devices, communication media, computer programs, and sometimes even involve 
human beings (e.g., operators). In order to deal with all the distinct facets of 
such systems, many different modelling paradigms and languages have been de- 
veloped over the years. By now, well established languages, methods and tools 
are available and used with success for the design of almost every single system 
aspect. For instance, even if we restrict attention to the IT-related parts of such 
systems, we find a large number of complementary modelling paradigms (such 
as synchronous, asynchronous, control-flow, data-flow, with or without real-time 
constraints) and corresponding formalisms (e.g., Statecharts, synchronous lan- 
guages, SDL, VHDL, different Petri net variants, etc.). Not yet answered is, in 
general, the question, how to combine such heterogenous descriptions into one 
consistent and coherent system model which can undergo well-defined validation 
and analysis processes. 

® Model-checking of system properties, the way we employed it in the work documented 
here, should also be considered as a means of experimental justification: in fact, it is 
(when applicable) a systematic and highly efficient way of conducting experiments. 
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Fig. 1. Open System View 



In order to model individual system components, it is convenient to follow an 
open system view, where the interaction between such a component and its envi- 
ronment is modelled by introducing well-defined interfaces (this also emphasizes 
the reactivity aspect). On the one hand, such a view is useful in order to de- 
scribe the behaviour of individual components or subsystems without the need 
to model details of the surrounding environment. As a consequence, different 
components or subsystems can be specified using different (and most appropri- 
ate) formalisms. On the other hand, whenever one wants to validate a system 
model or verify particular properties of this model, one is usually interested in 
the overall system behaviour, and not in the behaviour of single components or 
subsystems (possibly under some boundary conditions, i.e., assumptions on the 
environment’s behaviour).^ 

Thus, composition mechanisms are needed: they should allow to build — out 
of the component/subsystem specifications — a unified model of the whole sys- 
tem. Moreover, it is essential for these composition mechanisms to be able to deal 
with heterogeneous models, as they should act as interfaces between components 
or subsystems which are described in different languages/styles. Actually, there 
is nothing in the composition mechanisms themselves that hinders them from 
working in an heterogeneous setting (consider, for instance, mechanisms such as 
sharing of state variables, message passing, or connection of ports, which are very 
general). However, it is impossible to precisely understand and analyse the be- 
haviour of the composed system in the absence of a common semantic framework 
(i.e., a meta-model) capturing both the behaviour of the system components as 
well as of the composition mechanisms in a uniform way. 

In the remainder of this paper, we are not going to introduce new ways of 
composing systems or discuss issues of compositionality from a theoretical point 
of view. Instead, we propose the use of Abstract State Machines as a meta- 
model for the integration of heterogeneous descriptions. Starting from a concrete 
application (a distributed material flow system, or MFS, in automated manu- 

Note also that, in real-life situations, following an “academic” approach, where one 
tries to describe environment assumptions and deduce their implications as ab- 
stractly and generally as possible, may be not only difficult, but also unnecessary: for 
instance, it often happens that the environment of a component or subsystem is fixed 
(e.g, by contract) or subject to severe constraints (e.g., due to available technology). 
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Fig. 2. Controller-Device Interaction in Embedded Control Systems 



facturing), we identify description languages appropriate for describing parts of 
the system as well as composition mechanisms needed to put them together. To 
exemplify our approach, we consider a particular subsystem of the MFS (an “in- 
telligent” switch module), show how different description languages can be used 
for modelling parts of the switch, and how the submodels can be integrated by 
embedding them into the meta-model. Finally, we validate the resulting system 
model, by means of simulation and symbolic model-checking. 



3.2 Integration of Controller and Device Models 

Design of embedded control systems requires to deal with two kinds of concep- 
tually different units, the control units (controllers) and the controlled physical 
systems (devices), which are interfaced with each other by means of sensors 
and actuators (see Fig. 2). In addition to the connections corresponding to sen- 
sors and actuators, the picture also shows further connections to the external 
world. In fact, a complex technical system may consist of a network of such 
controller/device units (forming a distributed system, such as the material flow 
system from our case study). 

A very important aspect in the specification of embedded control systems — 
especially in view of their validation and verification — is a clear separation be- 
tween controller and device model, and the precise modelling of the device be- 
haviour. Especially computer scientists often tend to overlook this aspect and 
only specify the controller behaviour (possibly very thoroughly and formally), 
but leave everything else (the ^‘’environment^') out of the formal model.® 

Note that the ultimate aim of the validation process is not to prove proper- 
ties of the control program under some assumptions on the environment, but to 
show that the controlled device achieves the intended goals while ensuring some 
safety requirements (for instance, transporting something from one place to an- 
other, while avoiding collisions which can damage the system). Hence, we need 
formal models of both the controller and the device (where the device model, 
by itself, reflects the behaviour of the uncontrolled device): only on the basis of 

® See, for instance, [9], where a production cell controller is formally specified using 
SDL, but no formal model of the device is given. 
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the combined controller/device model it is possible to precisely formulate and 
possibly prove properties of interest, which follow from the interaction of the 
control program with the physical system behaviour. 

In general, the physical device is much more complex than the control pro- 
gram, as it involves a large number of parameters (including continuous ones). 
Due to this complexity, the development of a completely faithful and detailed 
device model is often not a feasible task. However, many details are not necessary 
in order to formulate and prove properties of interest. If appropriate abstractions 
are made, the task of modelling the physical device becomes affordable. 

A typical example is discretization ^ where continuous values in the physical 
system are replaced by a finite set of “critical” values. Discretization is the basic 
abstraction tecnique employed in our MFS case study. For example, consider the 
“switch” device of the MFS, whose central part consists of a rotating plate: in 
a detailed physical model, the state of the switch plate is given by its rotation 
angle (a continuous value), but the essential information is whether it is in one of 
its stable states (left or right end position) or moving between them (clockwise 
or counterclockwise). A complete discretized model of the physical switch can 
be represented by means of a high-level Petri net, as shown in Sect. 5 (Fig. 5). 

The methodological approach sketched above is very close to the one of [3], 
which deals with modelling and verification of the well-known case study “Pro- 
duction Cell” [10] by means of Statecharts. This paper also emphasizes the im- 
portance of a formal behavioural model of the physical device, as well as the 
need for clearly identified abstractions. Compared to [3], the originality of our 
approach is that it allows for heterogeneous models. The ability to employ differ- 
ent languages/formalisms within the system’s ground model leads in many sit- 
uations to descriptions which are more intuitive and thus easier to relate to the 
system being modelled (which is an essential requirement for a reliable ground 
model, as discussed in Sect. 2). Although this kind of improvement is clearly 
subjective and can not be quantified, we argue that, for instance, our Petri net 
model of the physical switch reflects the switch device much more directly than 
the Statechart model in [3] does for the Production Cell, where much encoding 
overhead is introduced® (in fact, using Statecharts for the device model there 
was mainly motivated by the verification tools requiring a Statechart model as 
input). 



4 Abstract State Machines 



Building on the Abstract State Machine {ASM) approach to mathematical mod- 
elling of discrete dynamic systems [7,2], we use here the special class of multi- 
agent ASMs as a formal basis for dealing with reactivity and concurrency. ASMs 
combine the abstract operational view of transition systems (for behavioural 
modelling) with declarative concepts of first-order logic (for data modelling). 

® On the other hand, the Statechart formalism allows for a concise and intuitive spec- 
ification of the finite state machine underlying the control unit. 
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They allow to formalize complex system behaviour in terms of executable mod- 
els using familiar structures and notations from discrete mathematics and com- 
puter science in a direct and intuitive way. The scope of applications ranges 
from distributed control systems over discrete event simulation systems to for- 
mal semantics of system modelling languages (like VHDL and SDL [6]).^ In this 
section, we recall some basic notions of ASM (see [7] for the complete defini- 
tion). We first describe the computational model underlying ASMs, and then 
the syntax and semantics for a core subset of the ASM language. 



4.1 Computational Model 

Computations Abstract State Machines define a state-based computational 
model, where computations {runs) are finite or infinite sequences of states {5^}, 
obtained from a given initial state Sq by repeatedly executing transitions. Such 
runs can be intuitively visualized as 




where the Si are the states and the 6i the transitions. 

States The states are algebras over a given signature S (or E-algebras for 
short). A signature E consists of a set of basic types and a set of function names, 
each function name / coming with a fixed arity n and type Ti . . . T„ — >■ T, where 
the Ti and T are basic types (written / : Ti . . . T„ — >• T, or simply / : T if 
n = 0)®. A A-algebra (or state) S consists of: (i) a nonempty set for each 
basic type T (the carrier set of T), and (ii) & function 

fs : r/ X . . . X ^ 

for each function name f : Ti ... T„ ^ T in E (the interpretation of the function 
name / in S'). Function names in E can be declared as: 

— static: static function names have the same (fixed) interpretation in each 
computation state; 

— dynamic: the interpretation of dynamic function names can be altered by 
transitions fired in a computation step (see below); 

— external: the interpretation of external function names is determined by the 
environment (thus, external functions may change during the computation 
as a result of environmental influences, but are not controlled by the system) . 

Any signature E must contain a basic type BOOL, static nullary function names 
(constants) true : BOOL, false : BOOL, the usual boolean operations (A, V, etc.), 

^ For a comprehensive overview on ASM applications and other available material, 
see also the annotated ASM bibliography [1] as well as the following two URLs: 
http : //www. eecs .umich.edu/gasm/ and http : //www.uni-paderborn. de/cs/asm/. 
® Note that, while the definition given by Gurevich in [7] is untyped and nses classical 
first-order structures as states, we prefer to see states as multi-sorted algebras: from 
a conceptual point of view and for the purpose of this paper this makes no difference. 
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and the equality symbol =. Finally, there is a special constant undef : T for any 
basic type T except BOOL. When no ambiguity arises we omit explicit mention 
of the state S (e.g., we write T instead of for the carrier sets, and f instead 
of fs for static functions, as they never change in the course of a computation). 

Locations If / : Ti . . . T„ — >■ T is a dynamic or external function name, we call 
a pair I = (/, x) with x G 7i x . . . x 7)i a location (then, the type of I is T and 
the value of Hn a state S is given by fs(x)). Note that two states Si and S 2 are 
equal iff the values of all locations in and S 2 are equal (i.e., they coincide iff 
they coincide on all locations). 

Transitions Transitions transform a state S into its successor state S' by 
changing the interpretation of some dynamic function names on a finite number 
of points (i.e., by updating the values of a finite number of locations). 

More precisely, the transition transforming S into S' results from firing a 
finite update set A at S, where the updates are of the form {{f,x),y), where 
(/, x) is the location to be updated and y the value. The state S' resulting from 
firing Z\ at S' is such that the carrier sets are unchanged and, for each function 
name /: 

^ h if ((/,ai),y) G 
i (fs(x) otherwise. 

The update set A — which depends on the state S — is determined by evaluating 
in S a distinguished transition rule P, called the program.^ Note that the above 
definition is only applicable if A does not contain any two updates ((/, x),j/) 
and ((/, x),y') with y ^ y' (i.e., if A is consistent). 

4.2 The ASM Language 

Terms Terms are defined as in first-order logic: if / : Ti . . . T„ — >■ T is a function 
name in S, and ti is a term of type Ti (for i = 1, . . . , n), then /(ti, . . . , t„) is a 
term of type T (written t : T).^° The meaning of a term t : T in a state S is a 
value S{t) G T defined by 

S(/(ti,...,t„)) = is{S{ti),...,S{tn)). 

Transition rules While terms denote values, transition rules {rules for short) 
denote update sets, and are used to define the dynamic behaviour of an ASM: 
the meaning of a rule i? in a state S is an update set As{R). 

ASM runs starting in a given initial state S'o are determined by the program 
P: each state S'i+i {i > 0) is obtained by firing the update set Asi{P) at S'g 

A^) As (P) 

Oo L 01 t D 2 • • • L On . . . 

The syntax and semantics of rules are as follows. 

® In applications of ASM, the program consists usually of a set (block) of rules, de- 
scribing system behaviour under different — usually mutually exclusive — conditions. 
If n = 0 the parentheses are omitted, i.e. we write / instead of /(). 
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Skip rule The simplest rule is the skip rule, which simply does nothing, i.e. its 
semantics is an empty update set: Z\ 5 ( skip) = { }. 

Update rule The update rule has the syntax 

R ::= f{ti, 

where / : Ti . . . T„ — >■ T is a dynamic function name in S, ti : R for t = 1, . . . , n, 
and t : T. Such an update rule produces a single update: 

As{R) = {((/,(5(ti),...,5(t„))),5(t))}. 

Intuitively, the terms ti and t are evaluated — in the state S — to values Xi = S{ti), 
y = S{t); then, the interpretation of / on (xi, . . . , x„) is changed to y. 

Block rule The block rule 

R ::= Ri . . . R^ 

combines the effects of more transition rules: 

^s{R)= 

Executing a block rule corresponds to simultaneous execution of its subrulesd^ 

Conditional rule The conditional rule has the syntax 

R ::= if G then Rt else Rp 

where G is a boolean term. Its meaning is, obviously: 

A ( Ri = j ^s{Rt) S{G) = true 
Z\s( ) otherwise. 

The short form “if G then R’ is also used instead of “if G then R else skip”. 



4.3 Multi-agent ASM 

Concurrent systems can be modelled in ASM by the notion of multi-agent ASM 
(called distributed ASM in [7]). The basic idea is that the system consists of 
more agents: each agent a € AGENT^'^ executes its own program prog{a) and 
can identify itself by means of a special nullary function self : AGENT, which 
is interpreted by each agent a as a. 

In [7] several semantical models for multi-agent ASM are discussed, the most 
general being partially ordered runs. For our purposes, a simple interleaving 
semantics is sufficient and allows us to model concurrent systems in the basic 
ASM formalism as described in Sect. 4.2. In particular, we consider self as an 
external function, whose interpretation selfs^ determines the agent which fires at 

For example, a block rule a := b, b := a exchanges a and b. Note also that the use 
of block rules may lead to inconsistent update sets. 

Note that agents are identified with elements of the domain AGENT, which are 
actually a sort of “agent identifiers” . 
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state Si- We assume that there is one program P, shared by all agents, possibly 
performing different actions for different agents, e.g.: 

if self = ai then prog{ai) 

if self = a„ then prog{an) 

where {ai,...,a„} are the agents and prog{ai) is the rule to be executed by 
agent a^, i.e., the “program” of ai. 

4.4 The ASM-SL Language 

The ASM language, including all constructs above, is supported by the “ASM 
Workbench” tool environment [4], which provides syntax- and type-checking 
of ASM specifications as well as their simulation and debugging. The source 
language for the ASM Workbench, called ASM-SL, includes some additional 
features which are necessary for practical modelling tasks: constructs for defin- 
ing types, functions, and named transition rules (“macros”), as well as a set 
of predefined data types (booleans, integers, tuples, lists, finite sets, etc.): as 
the ASM-SL notation is quite close to usual mathematical notation, no further 
explanation of ASM-SL will be needed. 

5 A Case Study from Automated Manufacturing 

In this section, we present an industrial case study, a distributed material flow 
system (MFS) , to illustrate the methodological approach sketched in the previous 
section. First, we give an overview of the case study and the related problems, 
then we concentrate on a subsystem (the switch module) and use it as a running 
example to discuss the proposed modelling and analysis techniques. 

5.1 Overview 

The subject of our case study is the distributed control for a modular material 
flow system. The case study has been provided by the Computer Integrated 
Manufacturing (CIM) group of our institute, with which we cooperate in the 
research project ISILEIT 

Our MFS is based on a modern modular material flow technology that allows 
to build complex transportation topologies by composing standard modules (es- 
sentially: straight and curved tracks, switches, and halting points, see Fig. 3). 
Special vehicles called shuttles are employed to transport pieces over the rail- 
way between halting points (corresponding, for instance, to machines or stores). 

ISILEIT is a project funded by the DFG (the German Research Foundation) within 
the program “Integration of Software Specification Techniques for Engineering Ap- 
plications” and is a cooperation between our group, the software engineering gronp, 
and the GIM group of the Heinz Nixdorf Institut. 
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Fig. 3. Example of Modular MFS 



While operating, tracks are permanently supplied with current, such that shut- 
tles keep moving over the railway in a fixed direction, unless they are arrested 
by means of stopping cams (placed at certain points along the tracks). Finally, 
each shuttle has a built-in device that avoids collisions by enforcing a minimum 
distance from the foregoing shuttle. 

Traditionally, the control of a MFS is centralized: a central control unit drives 
the physical MFS according to predefined transport plans and routes, which 
implement the material flow for a given manufacturing process. However, the 
modular structure of the MFS sketched above suggests an alternative solution, 
based on distributed control. Instead of being controlled by a central unit, each 
of the modules of the MFS (e.g., shuttle, switch, or halting point) is controlled 
by a corresponding local control unit (or control node), cooperating with other 
control nodes in order to achieve the global goals of the MFS, i.e., to execute 
the given transportation tasks. Thus, the control of the MFS is implemented 
by a network of concurrently operating and asynchronously communicating con- 
trollers. The only non-distributed part of the system is an host PC connected to 
the network for the purpose of user interaction (such as definition, transmission, 
and visualization of the transportation tasks), which however plays no role in 
the actual MFS control. 

Such a distributed and modular architecture has obvious advantages over 
a centralized one in terms of scalability, reconfigurability, and fault tolerance. 

The control nodes are not necessarily dedicated processing units physically bound 
to the devices being controlled. Instead, each control node is a process logically 
associated to the controlled device. In our MFS, for instance, the control nodes for 
the switches are processing units physically located by the switch, while the control 
nodes for the shuttles — for technical reasons, such as cabling — are not located on 
the shuttles, but implemented on computers placed outside the physical MFS. 






Computer-Aided Analysis and Validation 



67 



but its software is more difficult to design, implement, and validate. In fact, 
the implementation does not immediately reflect the system behaviour to be 
realized. Instead, the overall system behaviour results from the interplay of quite 
a large number of processes, each one executing its own protocol, having only 
quite limited knowledge of the system’s state. How the proposed methodology 
can help in the design and validation of this kind of systems is what we are 
going to illustrate in the sequel of this section. In order to do this, we consider 
a subsystem of the MFS, namely the switch module. 



5.2 The Switch Module 

As shown in Fig. 3, there are two kinds of switch modules, called brancher and 
joiner, respectively. As the names suggest, a brancher directs shuttles to the 
one or the other destination, whereas a joiner reunites two paths into one. The 
brancher and the joiner differ slightly, both in their physical composition and in 
their control. The following discussion refers to the brancher, which is slightly 
more complex and interesting than the joiner.^® 

The switch module, depicted in Fig. 4, is built around a switch drive (SD), 
which can modify the state of connection between MFS tracks by inducing a 
rotation of the switch plate around its center. A few additional components are 
needed to ensure the correct and safe operation of the switch, namely: 

— an identification unit {ID), which detects the passage of a shuttle and, at 
the same time, ascertains its identity (given by a conventional shuttle id); 

— a stopping cam {SC), which may stop a shuttle or let it pass (recall that 
shuttles keep moving, if not hindered from doing so); 

— passing sensors {PS), which detect the passage of a shuttle (without identi- 
fying it). 

Note that the length of the track segment between ID and SC is such that at 
most one shuttle can occupy this segment. This is ensured by the hardware 
enforcement of the mininum distance, mentioned in Sect. 5.1 (see Fig. 4). 

The interface between the physical switch and the corresponding control node 
is represented by an appropriate set of messages, as shown in the picture. The 
communication takes place over a bidirectional channel. Messages received by the 
controller are notifications from the sensors, messages sent by the controller are 
commands for the actuators. In particular, we distinguish the following message 
types: 

— identification{sh) is sent by the identification unit whenever the shuttle with 
id sh passes over it; 

— stop{b) controls the stopping cam: if 6 = true it switches to the stop position, 
if & = false it is released; 

In particular, the brancher needs to distinguish between the individual shuttles in 
order to direct them to the correct destination, while the joiner must simply let any 
incoming shuttle pass. 
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Physical Units 

ID identification unit 
SC stopping cam 
SD switch drive 
PSl passing sensor (ieft) 

PS^ passing sensor (right) 

Messages 

identification (sh : SHUTTLE_ID) 
stop (b : BOOL) 
switch 
switched 

passed (where : LEFT_OR_RIGHT) 
register (sh : SHUTTLE_iD) 

Fig. 4. The Switch Module 

— switch is sent to the switch drive in order to let it start its rotation: when 
the rotation is completed, the switch notifies that the end position is reached 
by sending back the acknowledgement message switched] 

— passed(left) and passed(right) are sent by the left and right passing sensors, 
respectively, whenever a shuttle passes over them. 

We call the protocol regulating the communication between a control node and 
the corresponding physical device (which involves, in the case of the switch, the 
messages listed above) low-level protocol. A low-level protocol is responsible for 
ensuring local properties of the MFS modules, e.g., safety properties such as “a 
shuttle does not move onto the switch plate while the plate is moving'\ 

The high-level protoeols, instead, are run between neighbouring control nodes 
in order to direct the overall shuttle traffic in the proper way and thus coop- 
eratively achieve the high-level goals of the MFS (i.e., executing the requested 
transportation tasks). In the case of a brancher, the high-level protocol is fairly 
simple, as its task is just to send the incoming shuttles in the “correct” direc- 
tion. The information about the correct direction is provided by the halting 
point where a shuttle stopped before coming to the switch under consideration. 
As soon as the shuttle leaves the halting point, the control node of the latter 
“registers” the shuttle by the next (brancher) switch, to inform it about the 
direction that the shuttle has to take.^® 

Actually, as shown in Fig. 4, the register message does not mention the direction. In 
fact, our model follows an existing implementation that, in order to reduce message 
traffic, distinguishes between a “standard” and a “non-standard” direction: shuttles 
going in the non-standard direction are registered, while non-registered shuttles are 
supposed to go in the standard direction (the one expected to be taken most often). 
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5.3 Physical Switch: A Petri Net Model 

The physical switch can be formally described by means of a high-level Petri 
net, shown in Fig. 5. This model reflects both the topology and the behaviour 
of the physical device. In particular, different track segments within the switch 
module are represented by places SI, S2, . . . , each of which contains a list of 
shuttle ids as its only token. The movement of shuttles between these places 
is represented by corresponding transitions tl, t2, . . . , which update the lists 
appropriately (the condition on tl reflects the assumption about the length of 
the track segment S2 between ID and SC, stated informally in Sect. 5.2). The 
other places represent other aspects of the physical switch state, namely: 

— the position of the stopping cam (which can be either in stop position or 
released, as reflected by the place passing-enabled) , and 

— the state of the switch plate (which can either stay in one of the end posi- 
tions left or right, or be rotating from left to right or from right to left, as 
represented by the places moving Jr and movingml, respectively). 

A peculiarity of the net model shown in Fig. 5 is that some transitions are 
annotated by an input or by an output symbol (whose graphical representation 
is borrowed from SDL). In this way, we model the interaction of the physical 
switch with the environment according to an open system view. Intuitively, the 
meaning of an input annotation is that the given transition is fired depending 
on a given input signal (i.e., the transition is triggered by an external event). 
Similarly, an output annotation means that a given output signal is emitted 
when the corresponding transition occurs. Note that the occurrence of such a 
transition is “spontaneous” , in the sense that the transition happens as a possible 
consequence of the internal workings of the system, and not as a necessary 
reaction to an external stimulus.^® 

The semantics of the input and output annotations will be made precise in 
Sect. 5.5, where it will also be shown how the net model of the physical switch 
can be composed with the SDL model of its controller. By going from an open 
system view over to a closed system view, meaningful statements about the 
system behaviour can be formulated. 



We use this representation in order to reflect the sequence of shuttles present on a 
track segment in a given state. This is important, as shuttles leave a track segment 
in the same order as they entered it, i.e., they can not overtake each other. 

For instance, as shuttles always keep moving (unless explicitly stopped), a given 
shuttle will eventually leave the track segment it occupies and enter the next one. 
This event is reflected by the occurrence of a transition in our net model. These 
transitions are typical examples of “spontaneous” or “internal” transitions. Option- 
ally, such a transition can emit an output to notify the event to the environment, 
making the event visible to an external observer (in Fig. 5, tl , tj and t4r are of 
this kind). 
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5.4 Switch Controller: An SDL Model 

The switch controller is specified by means of SDL process diagrams, which 
represent a kind of extended finite state machines. The process diagrams for its 
three control states {stable, waiting, and switching) are shown in Fig. 6. Within 
the diagrams the following (local) state variables are used (the corresponding 
SDL declaration and initialization parts are not shown here for reasons of space): 

— direction : {left, right}, initialized as the standard direction^® std, corre- 
sponds to the controller’s knowledge about the switch position; 

— registered : SHUTTLE JD-set, initialized as an empty set, keeps track of the 
registered shuttles; 

— passing : INT , initialized as 0, is a counter keeping track of the number of 
shuttles occupying the critical area of the switch (i.e., the switch plate and its 
immediate surroundings): this information is important because it is safe to 
activate the switch drive only when this area is free, i.e., when passing = 0. 

Note that the state variables of the controller must be consistent with the phys- 
ical system state: as this must hold, in particular, in the initial state, it implies 
that, when the MFS is started, its (physical) state must correspond to the con- 
troller state, e.g., all the switches must be in the standard direction. 

We do not go into further details here, as Fig. 6 already contains the complete 
specification of the switch controller. However, we try to explain the basic idea of 
how the controller works in a typical case. When a shuttle arrives to the switch, it 
passes over the identification unit, which informs the controller. The controller, 
depending on the identity of the incoming shuttle, checks if the switch is already 
in the right position. If so, it lets the shuttle pass; otherwise it puts the stopping 
cam in the stop position and: (a) ii the critical area is free, it activates the switch 
drive and goes into “switching” mode, where it waits for the acknowledgement 
message switched from the switch drive; (b) if the critical area is not free, it goes 
into “waiting” mode, where it waits for the critical area to become free before it 
can begin switching. 

While executing these steps, care must be taken to keep the physical switch 
state and the controller state consistent. If inconsistencies arise, the controller 
may end in the “ERROR!” state (for which no behaviour is defined) , or may be- 
have unpredictably. Note however that, if the protocol is correctly implemented, 
this can only happen in case of hardware failures (e.g., if the identification unit 
detects passage of shuttles when there is none). Thus, a result to be expected 
from the analysis of the integrated controller/device model is that the controller 
never reaches the “ERROR!” state, as the device model (the Petri net) refiects 
only the failure-free behaviour of the physical switch. 



19 



We make use of a constant std standing for the standard switch direction (either left 
or right, depending on the MFS configuration). 
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Fig. 6. Switch Controller 
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5.5 Integrating Device and Controller Models 

As a prerequisite for discussing details of the integration technique, we have 
to make precise the communication model and the semantics of the input and 
output annotations on net transitions in Fig. 5. We follow SDL in assuming an 
asynchronous communication model with buffered channels. Consequently, the 
meaning of input and output symbols in the net model can be formalized by 
adding to the net, for each (input or output) message queue, a place containing 
a list of messages and, for each input or output symbol on a transition, the 
corresponding edges to check and update the corresponding message queue, as 
shown in Fig. 7. 

An aspect which is not explicitly specified, neither in the net model nor in 
the SDL process graphs, is the association between individual input/output com- 
mands (or individual messages) and the channels (message queues) over which 
they are to be sent /received. This association can in general be described by 
means of SDL block diagrams. Here, we omit the block diagram describing the 
connections between device and controller, as it is quite trivial: we assume that 
the communication between controller and device takes place over a bidirec- 
tional channel, such that two message queues (one for each channel direction) 
are needed. We call these message queues sensQ and actQ, standing for “sensor 
queue” and “actuator queue”, respectively.^*^ 




Fig. 7 . Input/Output Annotations on Net Transitions 



Related to the high-level protocol, there is an additional message queue registrQ 
corresponding to the input channel on which the preceding halting point (s) send 
the register message to the switch, in order to communicate the arrival of a given 
shuttle. However, there will be no further mention of this in the rest of this paper, 
as we focus on the device/controller integration. 
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The integration of the two switch models, the device model and the controller 
model, into a uniform behavioural model amenable to computer-aided analysis 
(simulation, model-checking) is then achieved as follows: 

1. both the net model of the physical device and the SDL model of the controller 
are mapped to equivalent ASM models 

2. interaction between the resulting models of the two subsystems takes place 
by sharing message queues^^ 

3. an additional ASM rule specifies the coordination between activities of con- 
current subsystems of the switch module and thereby complements their 
behavioural specifications. 

The mapping from high-level Petri nets to ASMs is realised by mapping each 
place to a dynamic function and by expressing the behaviour of each transition of 
the net by means of a boolean function and a transition rule in the ASM model. 
The boolean function corresponds to the enabling condition of the transition, 
while the transition rule specifies the state change produced when the transition 
occurs. We do not go into formal details of the transformation, which is quite 
straightforward, and illustrate it by the example of the switch’s transition tl 
instead, which is shown in Fig. 8.^^ 



transition tl_action == 
case (SI, S2, sensQ) of 
(xl : : xs, y, Q) : 
if length (y) < 1 
then SI := xs 

derived function tl_enabled == S2 := y @ [ xl ] 

case (SI, S2, sensQ) of sensQ := Q @ 

(xl::xs, y, Q) : length (y) <1; [ identification (xl) ] 

otherwise false endif 

endcase endcase 



Fig. 8. Mapping from High-Level Petri Nets to ASMs (transition: tl) 
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The mapping from SDL process graphs to ASMs is based on the SDL se- 
mantics defined in [6,16]. However, the corresponding ASM rules are simplified 
with respect to those which can be obtained from the SDL semantics of [6]. 
In particular, we assume that an SDL transition is executed in one ASM step, 
whereas the single actions of a transition should actually be executed in more 

Note, in fact, that the inputs for the controller are the outputs of the device (and 
vice versa). The unifying ASM model of the controller-device system makes the 
interaction explicit by showing how the controller and the device actually read/write 
those messages from/into the same message queue. 

See also [5] which deals with the integration of Pr/T nets and ASMs. 
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steps, sequentially. This simplication is important for the subsequent analysis of 
the model (especially by model-checking) in order to reduce the size of the state 
space. Of course, care should be taken in order to preserve the SDL transition 
semantics. Fig. 9 shows the ASM rule corresponding to the process graph for 
the switching state. 



transition Switching == 
case sensQ of 
msg : : restQ : 
case msg of 

identification (sh) 


control_state := ERROR ; 


passed (d) 


control_state := ERROR ; 


switched 


direction := change_dir (direction) 


endcase 

endcase 


actQ := actQ 0 [ stop (false) ] 
passing := passing + 1 
control_state := stable 



Fig. 9. Mapping from SDL Process Graphs to ASMs (state: switching) 



The mechanism which allows the interaction of the controller and device mod- 
els consists in sharing the message queues actQ and sensQ, which are declared 
in the ASM model as 

dynamic function actQ : LIST (MESSAGE) initially [ ] 
dynamic function sensQ : LIST (MESSAGE) initially [ ]. 

Note, for instance, that the transition tl of the device model in Fig. 8 writes 
to sensQ, while the process graph for the switching state of the controller model 
in Fig. 9 reads sensQ, triggering an SDL transition if an appropriate message is 
present at the head of sensQ (which is the input queue for the SDL process). 

Finally, to complete the model integration, coordination rules have to be 
specified to define a discipline by which all concurrently operating parts of the 
system (represented, in our model, by the single net transitions and the control 
process) cooperate to achieve the overall system goals. We adopt a simple in- 
terleaving model of concurrency and define a main coordination rule (the ASM 
program) which non-deterministically chooses whether the controller or the phys- 
ical switch makes a move (phys_switch_step and controller_step are the subrules 
corresponding to a move of the physical switch or of the controller, respectively): 



Coordination rules are either derived from the actual physical realization of the 
system (thus stating assumptions on the environment) or express requirements re- 
garding the control software (thus stating guidelines for its implementation). 
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external function choose_round 

with choose_round in { phys_switch, controller } 



transition Main == 
case choose_round of 

phys_switch : phys_switch_step ; 
controller : controller_step 
endcase 

Moreover, we have to model the implicit assumption that, while the transitions 
corresponding to shuttles passing track segment boundaries (“shuttle transi- 
tions”) happen after some time, the transitions corresponding to reactions of 
both the controller and the physical switch to incoming messages ( “reaction tran- 
sitions”, triggered by sensors/ actors) happen “immediately”.^"^ A simple way to 
do this is to prioritise the transitions of the net model, such that shuttle transi- 
tions always have lower priority than reaction transitions. This can be achieved 
by an appropriate definition of phys_switch_step, the coordination rule for the 
physical switch (net model). 



5.6 Analysis and Validation 

Analysis and validation essentially are performed by means of simulation and 
model-checking. In particular, the combination of both is very effective in “de- 
bugging” the high-level system specification. The model-checker can be used to 
find counterexamples, i.e., runs which contradict the expected behaviour (spec- 
ified by a set of properties expressed in temporal logic). Each counterexample 
can then be fed into the simulator in order to find out the origin of the wrong 
behaviour. Debugging features, which are very helpful in this regard, include 
possibility of executing single steps forward and backward, a sequence of steps 
until a given condition is satisfied, inspection of the system state, etc. After 
the specification is fixed, the whole process is reiterated, until all properties are 
satisfied. 

The properties to be checked are specified in CTL (Computation Tree Logic), 
the temporal logic supported by the model checker SMV [11], which we employ 
for the verification task. We consider both safety and liveness properties, which 
altogether build an abstract requirements specification for the switch module:^® 

“Immediately” does not mean here that these actions take no time, but that the time 
taken is neglectible compared to the time needed for other actions, in particular for 
a shuttle to traverse a track segment (in fact, the order of magnitude is of seconds 
for the latter, of milliseconds for the former). Note that we want to avoid explicit 
mention of time constraints here, as this would be a kind of over-specification at this 
level of abstraction. 

Intuitively, the safety properties correspond to requirements of the kind “something 
bad never happens" , the liveness properties to requirements of the kind “something 
good eventually happens" (the system should not only operate safely, but also ac- 
complish its task). 
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1. Safety (controller). “T/ie controller never reaches the ERROR! state’' (in 
fact, the ERROR! state indicates that some hardware failure happened): 

^EF (controLstate = ERROR!) 

2. Safety (device). “A shuttle does not move onto the switch plate while the plate 
is moving” . This is ensured by requiring that the critical area of the switch, 
consisting of the switch plate and its immediate surrounding (places S3, S4L, 
S4R in the model), is always free whenever the switch plate is moving: 

AG (movingJr V moving_rl S3 = [] A S4L = [] A S4R = []) 

3. Liveness. “All shuttles entering the switch will eventually leave it: unregis- 
tered shuttles leave it in the standard direction, registered ones in the non- 
standard direction.”: for each shuttle id “sh” 

AG (contams(Sl, sh) A -i(sh G registered) ^ AF contains (S5L, sh)) 

AG (contains(Sl, sh) A sh G registered AF contoins (S5R, sh)) 

where contains is a static predicate which tests if a given list contains a given 
element (for simplicity, we show the formulae for the special case std = left; 
for the case std = right, simply exchange S5L and S5R). 

Note that, thanks to our integration approach, we can freely mix state variables 
of the controller model (which are actually program variables) and state variables 
of the device model (which are an abstraction of the physical state of the switch) 
within our abstract requirements specification. The best example of this is given 
by the two properties in (3.), where variables of both models occur within the 
same formula, in order to formalize the causal relation between the controller 
state at a given moment and the resulting physical system behaviour. 

We could verify the properties above for instances of the problem with one, 
two, and three incoming shuttles. During the validation process (carried out 
according to the methodology sketched above, based on iteration of the model- 
checking/counterexample-simulation cycle), we detected a bug in the controller 
specification (in the control state switching, we forgot to increase the pass- 
ing counter on releasing the stopping cam), and found out that the assump- 
tions about immediate reaction of some transitions — mentioned at the end of 
Sect. 5.5 — are essential for the correct working of the system. 

6 Conclusions 

In this paper, we presented an approach to heterogeneous system modelling and 
specification in a very early design phase (ground model construction). Hetero- 
geneous modelling is particularly convenient in this phase, as it often allows 
for descriptions which are more intuitive and thus easier to relate to the corre- 
sponding real-world phenomena (if the most appropriate description formalisms 
for each part or aspect of the system are chosen). We have shown how Abstract 
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State Machines can be employed as meta-model for the mathematically well- 
founded integration of heterogeneous behavioural models, such that they also 
become amenable to computer-aided analysis and validation. In this context, 
the combination of model-checking and simulation provides a considerable help 
for the validation of ground models. 

The MFS case study demonstrated the principal feasibility of our approach. 
Obviously, the switch module discussed in this paper is a very simple example 
(still, we have reported that, even in such a simple scenario, the validation pro- 
cess uncovered problems and mistakes). Difficulties are to be expected for larger 
and more complex systems (such as a complete MFS, as resulting from the in- 
teraction of several switches, shuttles, halting points, etc.), in particular because 
of the well-known problem of state space explosion in model-checking. Thus, 
future research should deal with the question, how state-of-the-art verification 
techniques (e.g., abstraction, compositional model-checking) can be integrated 
in the proposed methodology, in order to make it applicable to large systems. 
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Abstract. This paper deals with embedded systems architecture components 
called as application patterns, and with their employment for design reuse. The 
first part of this contribution introduces the concepts of application patterns and 
relates them to the well-known object-oriented design abstractions. Employing 
application patterns that demonstrate the concrete examples of reusability, the 
kernel of this contribution presents two case studies, which are based on real 
design projects: petrol pumping station dispenser controller and multiple lift 
control system. To reuse an architectural component whose implementation 
usually consists both of software and hardware, it means to reuse its formal 
specification. The paper deals with behavioral specifications employing state or 
timed-state sequences and with their closed-form descriptions by finite-state or 
timed automata. The contribution focuses on identification, creation, and initial 
classification of reusable application patterns while retrieval, adaptation, and 
storage reuse tasks with case-based reasoning support are treated briefly at the 
conclusion as an introductory information about launching research. 



1 Introduction 

Methods and approaches in systems engineering are often based on the results of 
empirical observations or on individual success stories (Robillard, 1999). Every real- 
world embedded system design stems from decisions based on an application domain 
knowledge that includes facts about some previous design practice. Evidently, such 
decisions relate to systems architecture components, called in this paper as application 
patterns, that determine not only a required system behavior but also some presupposed 
implementation principles. Application patterns should respect those particular solutions 
that were successful in previous relevant design cases. While focused on the system 
architecture range that covers more than software components, the application patterns 
look in many features like object-oriented design concepts such as reusable patterns, see 
Goad and Yourdon, 1990, design patterns, see Gamma et ah, 1995, and frameworks, see 
Johnson, 1997. Of course, there are also other related concepts such as use cases, see 
Jacobson, 1992, architectural styles, see Shaw and Garlan, 1996, or templates, see 
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Turner, 1997, that could be utilized for the purpose of this paper instead of introducing a 
novel notion. Nevertheless, the system architectures of embedded applications are dealt 
preferably with no implicit reference to object-oriented modeling or to other special 
features contemplated in specifications of the above mentioned notions. 

The following section of this paper introduces the principles of design reuse applied 
by way of application patterns. Then, employing application patterns fitting a class of 
real-time embedded systems, the kernel of this contribution presents two design projects: 
petrol pumping station dispenser controller and multiple lift control system. Via 
identification of the identical or similar application patterns in both design cases, this 
contribution proves the possibility to reuse substantial parts of formal specifications in a 
relevant subdomain of embedded systems. The last part of the paper deals with intended 
knowledge-based support for this reuse process applying case-based reasoning paradigm. 



2 Design Reuse 

To reuse an application pattern, whose implementation usually consists both of software 
and hardware components, it means to reuse its formal specification, development of 
which is very expensive and, consequently, worthwhile for reuse. This paper is aimed at 
behavioral specifications employing state or timed-state sequences, which correspond to 
the Kripke style semantics of linear discrete time temporal or real-time logics, and at 
their closed-form descriptions by finite-state or timed automata (Alur and Henzinger, 
1992). 

Comparing to systems design reuse, software design reuse is currently highly 
published topic, see e.g. Arora and Kulkami, 1998, Sutcliffe and Maiden, 1998, Mill, 
Mill, and Mittermeir, 1997, Holtzblatt et al, 1997, Henninger, 1997. Namely the state- 
dependent specification-based approach discussed by Zaremski and Wing, 1997, and by 
van Lamsweerde and Willemet, 1998, inspired the application patterns handling 
presented in the current paper. To relate application patterns to the previously introduced 
software oriented concepts more definitely, the inherited characteristics of the archetypal 
terminology, omitting namely their exclusive software and object-orientation, can be 
restated as follows. A pattern describes a problem to be solved, a solution, and the 
context in which that solution works. Patterns are supposed to describe recurring 
solutions that have stood the test of time. Design patterns are the micro-architectural 
elements of frameworks. A framework — which represents a generic application that 
allows the creation of different applications from an application (sub)domain — is an 
integrated set of patterns that can be reused. While each pattern describes a decision 
point in the development of an application, a pattern language is the organized 
collection of patterns for a particular application domain, and becomes an auxiliary 
method that guides the development process (see the pioneer work Alexander, 1977, 
which belongs surprisingly to the field of buildings architecture). 

Application patterns correspond not only to design patterns but also to frameworks 
while respecting multi-layer hierarchical stmctures. Embodying domain knowledge. 




82 



M. Sveda 



application patterns deal both with requirement and implementation specifications. In 
fact, a precise characterization of the way, in which implementation specifications and 
requirements differ, depends on the precise location of the interface between an 
embedded system, which is to be implemented, and its environment, which generates 
requirements on system’s services. However, there are no strict boundaries in between: 
both implementation specifications and requirements rely on designer’s view, i.e. also on 
application patterns employed. 

A design reuse process involves several necessary reuse tasks that can be grouped into 
two categories: supply-side and demand-side reuse, see Sen, 1997. Supply-side reuse 
tasks include identification, creation, and classification of reusable artifacts. Demand- 
side reuse tasks include namely retrieval, adaptation, and storage of reusable artifacts. 
For the purpose of this paper, the reusable artifacts are represented by application 
patterns. 

The following two sections of this contribution describe two case studies based on 
implemented design projects, using application patterns that enable to discuss the 
concrete examples of application patterns reusability. 



3 Petrol Dispenser Control System 

The first case study pertains to a petrol pumping station dispenser with a distributed, 
multiple microcomputer counter/controller, see Sveda, 1996. A dispenser controller is 
inter-connected with its environment through an interface with volume meter (input), 
pump motor (output), main and by-pass valves (outputs) that enable full or throttled 
flow, release signal (input) generated by cashier, unhooked nozzle detection (input), 
product's unit price (input), and volume and price displays (outputs). 



3.1 Two-Level Structure 

The first employed application pattern is the two-level structure proposed by Xinyao et 
ah, 1994: the higher level behaves as an event-driven component, and the lower level 
behaves as a set of real-time interconnected components. The behavior of the higher 
level component can be described by the following state sequences of a finite-state 
automaton with states "blocked-idle," "ready," "full fuel," "throttled" and "closed," and 
with inputs "release," (nozzle) "hung on/off," "close" (the preset or maximal displayable 
volume achieved), "throttle" (to slow down the flow to enable exact dosage) and "error": 

blocked-idle ready full_fuel blocked-idle 
blocked-idle ready full_fuel throttled blocked-idle 
blocked-idle ready full_fuel throttled closed *■"%“ blocked-idle 

blocked-idle blocked-error 
blocked-idle ready blocked-error 
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blocked-idle ready full_fuel blocked-error 
blocked-idle ready ‘"“-a^^ffulLftiel throttled blocked-error 

The states "full_fuel" and "throttled" appear to be hazardous from the viewpoint of 
unchecked flow because the motor is on and the liquid is under pressure — the only 
nozzle valve controls an issue in this case. Also, the state "ready" tends to be hazardous: 
when the nozzle is unhooked, the system transfers to the state "full_friel" with flow 
enabled. Hence, the accepted fail-stop conception necessitates the detected error 
management in the form of transfers to the state "blocked-error." To initiate such 
transfers for issue blocking, the error detection in the hazardous states are necessary. On 
the other hand, the state "blocked-idle" is safe because the input signal "release" can be 
masked out by the system that, when some failure is detected, performs the internal 
transition from "blocked-idle" to "blocked-error." 



3.2 Incremental Measnrement 

The volume measurement and flow control represent the main functions of the hazardous 
states. The next applied application pattern, incremental measurement, means the 
recognition and counting of elementary volumes represented by rectangular impulses, 
which are generated by a photoelectric pulse generator. The maximal frequency of 
impulses and a pattern for their recognition depend on electro-magnetic interference 
characteristics. The lower-level application patterns are in this case a noise-tolerant 
impulse detector and a checking reversible counter. The first one represents a clock- 
timed impulse-recognition automaton that implements the periodic sampling of its input 
with values 0 and 1 . This automaton with n states recognizes an impulse after n/2 (n>=4) 
samples with the value 1 followed by n/2 samples with the value 0, possibly interleaved 
by induced error values, see the following timed-state sequence: 

(0, qO (i, q,) (i+1, q^) (j, q^) ... ‘-n' (k, q,v2.i) ... 

... (m, q„_0 (m+1, q„) ■'n* ... (n, q„) (n+1, q,) 

i, j, k, m are integers: 0<i<j<k<m<n 

For the sake of fault-detection requirements, the incremental detector and transfer 
path are doubled. Consequently, the second, identical noise-tolerant impulse detector 
appears necessary. 

The subsequent lower-level application pattern is the checking reversible counter, 
which starts with the value (h -i- 1)/2 and increments or decrements that value according to 
the "impulse detected" outputs from the first or the second recognition automaton. 
Overflow or underflow of the pre-set values of h or 1 indicate an error. Another counter 
that counts the recognized impulses from one of the recognition automata maintains the 
whole measured volume. The output of the letter automaton refines to two displays with 
local memories not only for the reason of robustness (they can be compared) but also for 
functional requirements (double-face stand). To guarantee the overall fault detection 
capability of the device, it is necessary also to consider checking the counter. This task 
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can be maintained by an I/O watchdog application pattern that can compare input 
impulses from the photoelectric pulse generator and the changes of the total value; the 
appropriate automaton performs again reversible counting. 



3.3 Fault Management 

To prevent unregistered flow, the fail-stop conception used appraises as more acceptable 
the forced blocking of the dispenser with frozen actual data on displays instead of an 
untrustworthy issue. The application patterns, so far introduced stepwise, cooperate so 
that they accomplish the consequent application pattern, management based on fail- 
stop behavior approximation, in the form of (a) hazardous state reachability control and 
(b) hazardous state maintenance. In all safe states ("blocked-idle," "closed," and 
"blocked-error"), any fuel flow is disabled by power hardware construction; in the same 
time, the contents of all displays are protected against any change required by possibly 
erroneous control system. The system is allowed to reach hazardous states ("ready," 
"full_fuel," and "throttled") when the installed processors successfully have passed start- 
up checks and interprocessor communication initiation. The hazardous state maintenance 
includes doubled input path check for detected product impulses and I/O watchdog 
check. The danger of explosion in the case of uncontrolled petrol flow is eliminated by 
hard kernel items such as the nozzle with hydraulic shut-off and mechanical blocking the 
hooked nozzle. 



4 Multiple Lift Control System 

The second case study deals with the multiple lift control system based on a dedicated 
multiprocessor architecture, see Sveda, 1997. An incremental measurement device for 
position evaluation, and position and speed control of a lift cabin in a lift shaft can 
demonstrate reusability. In fact, that device is contained in the lift control system via 
multiple instances: one for each lift shaft in a multiple lift system. 

The applied application pattern, incremental measurement, means in this case the 
recognition and counting of rectangular impulses that are generated by an 
electromagnetic or photoelectric sensor/impulse generator, which is fixed on the bottom 
of the lift cabin and which passes equidistant position marks while moving along the 
shaft. That device communicates with its environment through interfaces with impulse 
generator and drive controller. So, the first input, I, contains the values 0 or 1 that are 
altered with frequency equivalent to the cabin speed. The second input, D, contains the 
values "up," "down," or "idle." The output, P, resembles to the actual absolute position 
of the cabin in the shaft. 
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4.1 Two-Level Structure 

The next employed application pattern is the two-level structure: the higher level 
behaves as an event-driven component: 

initialization — > position_indication — > fault_indication 

and the lower level behaves as a set of real-time interconnected components. The 
specification of the lower level can be developed by refining the higher level state 
"position_indication" into three communicating lower level automata: two noise-tolerant 
impulse detectors and checking reversible counter. 



4.2 Incremental Measurement 

The first automaton models the noise-tolerant impulse detector, see the following timed- 
state sequence: 

(0, qO “no (i, qO (i+1, q^) “n'’ ... (j, fi2) ... (k, q^2.i) ... 

... (m, q„.0 (m+1, q„) “n' ... (n, q„) (n+1, q,) 

i, j, k, m are integers: 0<i<j<k<m<n 

The information about a detected impulse is sent to the counting automaton that can 
also access the indication of the cabin movement direction through the input D. For the 
sake of fault-detection requirements, the impulse generator and the impulse transfer path 
are doubled. Consequently, a second, identical noise-tolerant impulse detector appears 
necessary. The subsequent application pattern is the checking reversible counter, which 
starts with the value (h -i- 1)/2 and increments or decrements the value according to the 
"impulse detected" outputs from the first or second recognition automaton. Overflow or 
underflow of the preset values of h or 1 indicate an error. This detection process sends a 
message about a detected impulse and the current direction to the counting automaton, 
which maintains the actual position in the shaft. To check the counter, an I/O watchdog 
application pattern employs again reversible counting that can compare the impulses 
from the sensor/impulse generator and the changes of the total value. 



4.3 Fault Management 

The approach used accomplishes a consequent application pattern, fault management 
based on fail-stop behavior approximation, in the form of (a) hazardous state 
reachability control and (b) hazardous state maintenance. In safe states, the lift cabins are 
fixed at any floors. The system is allowed to reach any hazardous state when all relevant 
processors successfully passed the start-up checks of inputs and monitored outputs and 
of appropriate communication status. The hazardous state maintenance includes 
operational checks and consistency checking for execution processors. To comply with 
safety-critical conception, all critical inputs and monitored outputs are doubled and 
compared. When the relevant signals differ, the respective lift is either forced (with the 
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help of a substitute drive if the shaft controller is disconnected) to reach the nearest floor 
and to stay blocked, or (in the case of maintenance or fire brigade support) its services 
are partially restricted. The basic safety hard core includes mechanical, emergency 
brakes. 



5 Application Patterns Reuse 

The two case studies presented above demonstrate the possibility to reuse effectively 
substantial parts of the design dealing with a petrol pumping station technology for a lift 
control technology project. While both cases belong to embedded control systems, both 
the application domains and the technology principles differ: volume measurement and 
dosage control seems not too close to position measurement and control. Evidently, the 
similarity is observable by employment of application patterns. 

The reused upper-layer application patterns presented include the automata-based 
descriptions of incremental measurement, two-level (event-driven/real-time) structure, 
and fault management stemming from fail-stop behavior approximations. The reused 
lower-layer application patterns are exemplified by the automata-based descriptions of 
noise-tolerant impulse detector, checking reversible counter, and I/O watchdog. 

Clearly, while all introduced application patterns correspond to design patterns in the 
above explained interpretation, the upper-layer application patterns can be related also to 
frameworks. Moreover, the presented collection of application patterns creates a base for 
a pattern language supporting reuse-oriented design process for industrial real-time 
embedded systems. 



6 Knowledge-Based Support 

Industrial scale reusability requires a knowledge-based support, e.g. by case-based 
reasoning, which was successfully used by the author and his colleagues previously in 
another application (Sveda, Babka and Freebum, 1997). Case-based reasoning, see e.g. 
Kolodner, 1993, differs from other rather traditional methods of Artificial Intelligence 
relying on case history. For a new problem, the case-based reasoning strives for a similar 
old solution. This old solution is chosen according to the correspondence of a new 
problem to some old problem that was successfully solved by this approach. Hence, 
previous significant cases are gathered and saved in a case library. Case-based reasoning 
stems from remembering a similar situation that worked in past. For software reuse, case- 
based reasoning utilization is currently studied from several viewpoints, see e.g. 
Heiminger, 1998, and Soundarajan, 1998. 
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6.1 Case-Based Reasoning 

The case-based reasoning method contains elicitation, which means collecting those 
cases, and implementation, which represents identification of important features for the 
case description consisting of values of those features. A case-based reasoning system 
can only be as good as its case library (Kolodner, 1993): only successful and sensibly 
selected old cases should be stored in the case library. The description of a case should 
comprise the corresponding problem, solution of the problem, and any other information 
describing the context for which the solution can be reused. A feature-oriented approach 
is usually used for the case description. 

Case library serves as a knowledge base of the case-based reasoning system. The 
system acquires knowledge from old cases while learning can be achieved accumulating 
new cases. Solving a new case, the most similar old case is retrieved from the case 
library. The suggested solution of the new case is generated in conformity with this 
retrieved old case. Search for the similar old case from the case library represents 
important operation of case-based reasoning paradigm. The problem to be solved arises 
how to measure the similarity of state-based specifications for retrieval. Retrieval 
schemes proposed in the literature can be classified based upon the technique used to 
index cases during the search process (Atkinson, 1998): (i) classification-based schemes, 
which include keyword or feature-based controlled vocabularies; (ii) structural schemes, 
which include signature or structural characteristics matching; and (iii) behavioral 
schemes; which seek relevant cases by comparing input and output spaces of 
components. 



6.2 Case-Based Reasoning Application Concepts 

The primary approach to the current application includes some equivalents of abstract 
data type signatures, belonging to structural schemes, and keywords, belonging to 
classification schemes. While the first alternative means for this purpose to quantify the 
similarity by the topological characteristics of associated finite automata state-transition 
graphs, such as number and placement of loops, the second one is based on a properly 
selected set of keywords with subsets identifying individual patterns. 



7 Conclusions 

The above presented case studies, which demonstrate the possibility to reuse concrete 
application patterns, have been in fact excerpted from two realized design cases. The 
application patterns, originally introduced as “configurations” in the project of petrol 
pumping station technology, see Sveda, 1996, were effectively — but without any 
dedicated development support - reused for the project of lift control technology, see 
Sveda, 1997. 

This contribution informs about case studies and tools available at the beginning of 
research aiming at knowledge-based support for industrial embedded systems design. 
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Case-based reasoning was successfully utilized by the author and his colleagues 
previously for another industrial application (Sveda, Babka and Freebum, 1997). 
Hopefully, also this meta-knowledge can be successfully reused. 
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Abstract. The article discusses the notion of state spaces of object- 
oriented Petri nets (OOPNs) associated to the tool called PNtalk and the 
role of identifiers of dynamically appearing and disappearing instances 
within these state spaces. Methods of working with identifiers based on 
sophisticated naming rules and mechanisms for abstracting names are 
described and compared. Some optimizations of state space generating 
algorithms for the context of OOPNs are mentioned, as well. Finally, 
some possibilities of specifying properties of systems to be checked over 
the state spaces of their OOPN-based models are discussed. 



1 Introduction 

Current complex distributed applications require dealing with dynamically ari- 
sing and disappearing objects which can communicate, synchronize their actions, 
and migrate among particular nodes of the distributed environment they are 
running in. Particularly, distributed operating systems, groupware allowing for 
a concurrent work of several people on the same project, or applications exploit- 
ing the technology of agents or mobile agents can be listed as examples of the 
above-mentioned applications. 

A language called PNtalk based on object-oriented Petri nets (OOPNs) 
[Jan98] has been developed at the DCSE, TU Brno in order to support mo- 
delling, investigating, and prototyping complex distributed object-oriented soft- 
ware systems. PNtalk supports intuitive modelling all the key features of these 
systems, such as object-orientedness, message sending, parallelism, and synchro- 
nization. This is achieved through working with active objects encapsulating sets 
of processes described by Petri nets. Processes inside the objects communicate 
via a shared memory, while objects themselves communicate by message passing. 

Simulation is one of the ways of examining systems modelled by OOPNs and 
it is already supported by a prototype version of a tool called PNtalk [CJV97]. 
Moreover, models created in PNtalk can be used as a basis of prototypes of the 
modelled systems. In such a case, some objects are likely to be implemented in 
Smalltalk exploiting the fact that PNtalk allows Smalltalk-based and OOPN- 
based objects to transparently communicate in both directions. 

Although we have started with simulation, this article considers more the first 
steps made towards exploiting formal analysis and verification methods in the 
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context of OOPNs. This approach can be considered an alternative to simulation 
because although we are not always able to fully verify or analyse the behaviour 
of a system, even partial analysis or verification can reveal some errors which 
tend to be different from the ones found by simulation [Val98]. We believe that 
object-orientation should allow for a relatively easy extraction of the subsystems 
to be verified together with a suitable abstraction of their surroundings. 

Among the different attitudes to performing formal analysis or verification, 
using state spaces appears to be the most straightforward way for the case of 
OOPNs. Methods based on state spaces are quite universal, can be almost fully 
automated, and allow for relatively easy implementation. There have been propo- 
sed many different ways of alleviating their main deficiency — the state explosion 
problem [Val98]. Now these methods should be adapted and optimized for the 
context of OOPNs. Apart from that, it is necessary to solve some new problems 
accompanying state spaces of OOPNs as a formalism with dynamic instantia- 
tion, such as the problem how to efficiently treat the identifiers of dynamically 
appearing and disappearing instances. 

At the beginning of building a theory of state space analysis over OOPNs 
(or more generally over any formalism with dynamic instantiation of some kind 
of components) it is necessary to pay careful attention to treating identifiers of 
objects (or in general to identifiers of some other kind of dynamically appearing 
and disappearing instances). Otherwise, many unnecessary states can be gene- 
rated and the state space can even unnecessarily grow to infinity. This naming 
problem can be solved either by introducing some sophisticated rules for as- 
signing identifiers to instances or by not considering concrete names of instances 
to be important when checking states to be equal. 

The work with instance identifiers influences not only generating state spaces 
of OOPNs, but also analyzing them. This is because we need to be able to 
describe expected properties of the systems being examined without referring 
to the concrete names of the instances involved in states and events of their 
state spaces. These names are semantically not important and, what is more, 
modellers can hardly work out what identifiers will be used in different states. 

In the article, we first present the main ideas behind the OOPN formalism. 
Then we briefly discuss the naming problem arising in state spaces of OOPNs, 
together with some further optimizations to be used when generating them. 
Finally, we suggest a method of querying over states spaces of OOPNs. 

2 Key Concepts of OOPNs 

The OOPN formalism [CJV97] is characterized by a Smalltalk-based object- 
orientation enriched with concurrency and polymorphic transition execution, 
which allow for message sending, waiting for and accepting responses, creating 
new objects, and performing primitive computations. An example demonstrating 
the notation of OOPNs is shown in figure 1. 

This section rephrases the basic ideas of the definition of OOPNs, however, 
due to space limitations, without making the description formal and complete. 
We explain the necessary notions only. A bit deeper introduction to the OOPN 
formalism can be found in [CJV97] and the entire definition of OOPNs in [Jan98] . 
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return place synchronous port method net transition action transition guard object net 



Fig. 1. An OOPN example (Main’s methods produce and consume are not shown). 



2.1 The OOPN Structure 

An object-oriented Petri net is a triple {S,co,oido) where is a system of 
classes, cq an initial class, and oido the name of an initial object from cq. 

S contains sets of OOPN elements which constitute classes. It comprises 
constants CONST, variables VAR, net elements (such as places P and tran- 
sitions T), class elements (such as object nets ONET, method nets MNET, 
synchronous ports SYNC, and message selectors MSC), classes CLASS, ob- 
ject identifiers OID, and method net instance identifiers MID. We denote 
NET = ONET U MNET and ID = OID U MID. The universe U of an 
OOPN contains (nested) tuples of constants, classes, and object identifiers. Let 
BIND = {h\b \ VAR — >■ U} he the set of all bindings of variables. 

Object nets consist of places and transitions. Every place has some initial 
marking. Every transition has conditions (i.e. inscribed testing arcs), precon- 
ditions (i.e. inscribed input arcs), a guard, an action, and postconditions (i.e. 
inscribed output arcs). Method nets are similar to object nets but, in addition, 
each of them has a set of parameter places and a return place. Method nets can 
access places of the appropriate object nets in order to allow running methods 
to modify states of objects which they are running in. 

Synchronous ports are special transitions which cannot fire alone but only 
dynamically fused to some other transitions which “activate” them from their 
guards via message sending. Every synchronous port embodies a set of conditi- 
ons, preconditions, and postconditions over places of the appropriate object net, 
and further a guard, and a set of parameters. Parameters of an activated port s 
can be bound to constants or unified with variables defined on the level of the 
transition or port that activated s. 

A class is specified by an object net (an element of ONET), a set of method 
nets (a subset of MNET), a set of synchronous ports (a subset of SYNC), and 
a set of message selectors (a subset of MSC) corresponding to its method nets 
and ports. Object nets describe possible independent activities of particular ob- 
jects, method nets reactions of objects to messages sent to them from outside. 
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and ports allow for remotely testing and changing states of objects in an atomic 
way. The inheritance mechanism of OOPNs allows for an incremental specifica- 
tion of classes. Inherited methods and synchronous ports can be redefined and 
new methods and synchronous ports can be added. A similar mechanism applies 
for object net places and transitions. 

2.2 The Dynamic Behaviour of OOPNs 

The dynamic behaviour of OOPNs corresponds to the evolution of a system 
of objects. An object is a system of net instances which contains exactly one 
instance of the appropriate object net and a set of currently running instances 
of method nets. Every net instance entails its identifier id G ID and a marking 
of its places and transitions. A marking of a place is a multiset of elements of 
the universe U. A transition marking is a set of invocations. Every invocation 
contains an identifier id G MID of the invoked net instance and a stored binding 
b G BIND of the input variables of the appropriate transition. 

A state of a running OOPN has the form of a marking. To allow for the clas- 
sical Petri net-way of manipulating markings, they are represented as multisets 
of token elements. In the case of a transition marking, the identifier of the in- 
voked method net instance is stored within the appropriate binding in a special 
(user-invisible) variable mid. Thus a formal compatibility of place and transition 
markings is achieved and it is possible to define a token element as a triple con- 
sisting of the identifier of the net instance it belongs to, the appropriate place 
or transition, and an element of the universe or a binding. Then we can say for 
a marking M that: 

M G [{ID X P X C/) U (/D X T X BIND)]^^. 

A step from a marking of an OOPN into another marking can be described 
as the so-called event. Such an event is a 4-tuple 

E = (e, id, t, b) 

including (1) its type e, (2) the identifier id G ID of the net instance it takes 
place in, (3) the transition t G T it is statically represented by, and (4) the 
binding tree b containing the bindings used on the level of the invoked transition 
as well as within all the synchronous ports (possibly indirectly) activated from 
that transition. There are four kinds of events according to the way of evaluating 
the action of the appropriate transition: A - an atomic action involving trivial 
computations only, N - a new object instantiation via the message new, F - an 
instantiation of a Petri-net described method, and J - terminating a method 
net instance. If an enabled event E occurs in a marking M and changes it into 
a marking M' , we call this a step and denote it by 

M[E)M'. 

For a given OOPN, its initial marking Mq corresponds to a single, initially 
marked object net instance from the initial class cq identified as otdo- The set of 
all markings of an OOPN is denoted as MA and the set of all events as EV. 
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Finally, let us introduce the following notation. Given id G ID, net{id) de- 
notes the net n G NET such that id identifies an instance of n, and oid{id) 
denotes oid G OID such that id identifies a net instance belonging to the object 
identified by oid. Note that an object is identified by the identifier of its object 
net instance. 



3 The Notion of State Spaces of OOPNs 

This section discusses the notion of state spaces of OOPNs as a representative 
of formalisms with dynamic instantiation of some kind of components. Two me- 
thods for dealing with names of instances of the components being instantiated 
are suggested and discussed here trying to minimize the impact of the presence 
of names in states upon the state space explosion problem. 

State spaces can generally be defined [Val98] as 4-tuples consisting of a set 
of states, a set of structural transitions, a set of semantic transitions (i.e. links 
between states and structural transitions), and an initial state. This concept can 
be used when dealing with state spaces of OOPNs (or any other formalism with 
dynamic instantiation), as well. However, in the context of such formalisms, it is 
necessary to pay careful attention to efficiently handling the naming information 
present in states in order not to worsen the state space explosion problem. Let 
us denote this phenomenon as the naming problem. 

The naming information present in states of dynamically structured forma- 
lisms is used for uniquely identifying the just existing instances which allows 
for separating their local states and expressing references among them. Working 
with instance identifiers, e.g. in the form of addresses of objects, is common 
when running object-oriented programs or simulating object-oriented models. 
However, in the context of state spaces, the naming information can signifi- 
cantly enlarge the state space explosion problem. This is due to the possibility 
of unnecessarily generating many states differing only in the names of the in- 
volved instances even if the names cannot influence the future behaviour of the 
system being examined in any way (up to renaming) . What is worse, sometimes 
the naming information can make state spaces of evidently finite-state systems 
grow to infinity — it suffices to keep creating and destroying an instance iden- 
tifying it using still new identifiers. 

There are at least two methods for solving the naming problem — using 
sophisticated naming rules for assigning identifiers to newly arising instances 
and the so-called name abstraction as a specialization of the symmetry method 
for reducing state spaces [Jen94]. The latter method is based on not considering 
concrete names of instances to be important when checking states to be equal, 
which leads to working with renaming equivalence classes of states rather than 
with the individual states. Both of these methods together with their pros and 
cons are discussed in the following in the context of OOPNs. However, first of 
all we define full state spaces of OOPNs in order to obtain a basis to be reduced 
using one of the mentioned methods. 

Still before discussing the two mentioned principles in more detail we should 
note that the problem they should solve cannot be avoided by simply presenting 
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an algorithm for transforming the formalism with dynamic instantiation under 
question into some kind of low-level formalism which should serve as a basis for 
formal analysis. When we for example try to transform object-oriented Petri nets 
into some kind of “plain” high-level nets, as for example in [SB94], there must 
appear a construction generating identifiers which then become a distinguishing 
part of tuples representing tokens of originally different net instances folded 
together. Thus the problem of naming is carried into the domain of non-object 
nets and must be solved within their analysis process. 



3.1 Full State Spaces of OOPNs 

Full state spaces of OOPNs can be defined using the general concept of state 
spaces mentioned above. For a given OOPN, states will correspond to reachable 
markings and structural transitions to applicable events. Semantic transitions 
will be defined in accordance to the firing rules of OOPNs. Finally, the initial 
state will be the initial marking, of course. 

Definition 1 (Full State Spaces of OOPNs). 

Let an object-oriented Petri net OOPN with its set of markings MA, its 
initial marking Mq, and its set of events EV be given. We define the (full) state 
space of OOPN to be the j-tuple StSp = {S,T, A,Mo) such that: 

1- S=[Mq). 

2. T = {{Mi,E,M 2) eSx EV X S \ Mi[E)M2}. 

3. VMi,M2 G MA WE G EV[{Mi,E,M2) {Mi, {Mi, E, M 2 ), M 2 ) G Z\]. 



A consequence of the definition of full state spaces of OOPNs ignoring the 
naming problem is that when we try to create the first instance of some net whose 
domain of its instance identifiers is infinite we immediately obtain infinitely many 
possible target markings. Moreover, requiring sets of possible identifiers of nets 
to be finite will not solve the problem because (1) it can change the semantics of 
the model by artificially restricting the number of concurrently existing instances 
and (2) there can still be generated unnecessarily many target markings. 



3.2 Using Sophisticated Naming Rules 

Sophisticated rules for assigning identifiers to newly arising instances attempt to 
decrease the degree of nondeterminism potentially present in the management 
of names of dynamically arising and disappearing instances and thus to decrease 
the number of reachable states. Such rules can be made a part of the semantics of 
the given modelling language. However, they can also be applied without being 
integrated into the modelling language. Then their application can be viewed 
as a tool for reducing state spaces and we have to show that using them we 
do not lose any important information wrt. the definition of the appropriate 
formalism. The proof can be based on showing that the application of such rules 
is in fact a “safely-redundant” implementation of the principle of (complete) 
name-abstracted state spaces discussed later. 
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The simplest nontrivial rule for naming instances is assigning identifiers ac- 
cording to some ordering over them. A deficiency of this attitude is that when 
we are cyclically creating and destroying some instance we will again obtain an 
infinite state space. This can be solved by recycling identifiers, i.e. by identifying 
newly emerging instances by the lowest and currently not used identifiers. Ho- 
wever, even when we use recycling, there can still be generated many different 
states which are obviously semantically equal. Such a situation arises when some 
configuration of instances characterized by the number of the involved instances, 
their types, their trivial marking, and their mutual relations can be reached via 
several state space paths in which the instances are created in different orders 
and using various auxiliary instances with differently overlapped lifetimes. Then 
there can be generated several states containing the given configuration of in- 
stances and differing only in the names of some of the involved uninterchange able 
instances (distinguished by their contents or by the way they are referred to). 

The problem of generating unnecessarily many states, which can hardly be 
avoided even under elaborated naming schemes, can be alleviated to some de- 
gree when using partial order reduction techniques [Val98] . This is because these 
techniques reduce numbers of paths leading to particular states and thus also 
possibilities to obtain different permutations of identifiers of the involved cha- 
racteristic instances. Nevertheless, the problem is not fully solved this way as it 
is not always possible to choose only one interleaving out of a set of the possible 
ones. Partial order techniques can ignore different orders of actions only in the 
case they are invisible and do not collide. Furthermore, finding optimal stubborn 
(persistent, ample) sets can be too time-consuming and so an approximation is 
often taken (especially in the case of high-level formalisms). 

3.3 Abstracting Away the Naming Information 

With respect to the previous discussion, we now suggest another possible method 
for solving the naming problem based on not considering concrete values of 
names of instances to be important when checking states to be equal. In other 
words, we are going to define two markings to be equal if there exists a suitable 
permutation over the set of all identifiers whose application makes the states 
identical. As a consequence, we will replace working with particular states by 
working with renaming equivalence classes of them. In the following, we will 
try to describe the method at least partially in a formal way — a fully formal 
description, together with proofs of the propositions, can be found in [VojOO]. 

It should be noted here that the concept of name abstraction is a specia- 
lization of the general notion of symmetries [Jen94] applied for reducing state 
explosion caused by the presence of concrete names of instances in states. Un- 
like general symmetries, renaming symmetries are universal in the domain of 
OOPNs, i.e. they can be used for all OOPN-based models. Furthermore, since 
renaming symmetries are highly specialised, they allow (1) for formulating more 
exact propositions over the state spaces based on them and (2) for using more 
effective methods of treating them within generating state spaces. 

The idea of abstracting away the naming information can only be applied 
due to the fact that the behaviour of OOPN-based models does not depend 
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on concrete values of identifiers. From this point of view, it is crucial that the 
definition of OOPNs does not allow for using instance identifiers in expressions 
and that there cannot be performed trivial computations depending on concrete 
values of instance names. Therefore it can be proved that starting from some 
state concrete names of instances do not influence the future evolution of the 
appropriate OOPN in any way (up to renaming). Thus it is not necessary to 
distinguish states equal up to renaming because of the future behaviour they 
can lead to. Furthermore, it is not necessary to be afraid of losing the identity 
of an object within some marking stemming from its history and to differentiate 
markings equal up to renaming only because their histories cannot be made equal 
even when applying renaming. If we are interested in one particular history 
of some object within a marking, we can always concentrate on that history 
additionally and ignore all other possible histories. 

We have said that we want two markings to be equal if there exists a sui- 
table permutation over the set of all the identifiers allowed in the appropriate 
OOPN whose application makes the states identical. However, we do not accept 
all permutations. An acceptable permutation must preserve the information ab- 
out (1) to which object a given instance belongs to, (2) to which net the instance 
belongs, and (3) it cannot change the identifier of the initial object, which is im- 
portant for the garbage collecting mechanism. Permutations conform to the just 
described requirements will be called renaming permutations in the following. 

Definition 2 (Renaming Permutations). 

Suppose we have an object-oriented Petri net OOPN with its set of instance 
identifiers ID and its initial object identifier oidg. We define renaming permu- 
tations over OOPN to be the bijections tt : ID o ID such that: 

1. 7t(oic?o) = ozdo- 

2. Mid G ID \net{id) = net{'K{id))]. 

3. Mid G ID [-K{oid{id)) = oid{TT{id))\. 

The concept of renaming permutations provides a basis for defining the so- 
called renaming symmetries, i.e. bijections on sets of markings and sets of events. 
The formal definition of renaming symmetries can be obtained by a simple but 
a little longer extension of bijections working over identifiers to bijections over 
markings and events — we will skip the definition here. We denote the renaming 
symmetry induced by a renaming permutation tt as . Now we can define 
two markings Mi, M 2 to be equal up to renaming iff there exists a renaming 
permutation tt such that q^{Mi) = M 2 . The same can be done for events. In 
the following, we will denote the renaming equivalence relation by Members 
of its equivalence classes will be referred to using the black board alphabet, i.e. 
M or E, or via their representatives, i.e. [M] or [E], Finally, quotient sets wrt. 
~ will be denoted using ~ as a subscription, as e.g. MA^. 

The notion of renaming symmetries allows us to formalize the already men- 
tioned proposition that concrete names of instances cannot influence anything 
else than again names of instances present in the future behaviour of an OOPN- 
described system starting from a given state. Such a property is crucial in the 
theory of symmetrically reduced state spaces. 
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Proposition 1. Let us have an object-oriented Petri net OOPN with its set of 
markings MA, its set of events EV, and the corresponding set of all renaming 
permutations II. Then the following holds for every Mi, M2 G MA, E G EV , 
and 7T G 77; Mi[E)M2 ^ {Mi)[g^ {E)) q^{m 2 ) . 

Renaming symmetries allow us to propose the expected notion of name- 
abstracted state spaces (NA state spaces) of OOPNs. When generating a name- 
abstracted state space, concrete identifiers of instances will not be taken into 
account and two states or events will be considered equal if they are equal up to 
renaming. The definition of name-abstracted state spaces will be based again on 
the general concept of state spaces. However, this time states will correspond to 
reachable name- abstracted markings, i.e. equivalence classes of MA wrt. and 
structural transitions to useful name-abstracted events, i.e. equivalence classes of 
EV wrt. Semantic transitions will be defined in accordance to the firing rules 
of OOPNs and to the semantics of renaming. The initial state will be equal to 
the equivalence class comprising the initial marking and only the initial marking. 

Definition 3 (Name- Abstracted State Spaces). 

Let an object-oriented Petri net OOPN with its set of markings MA, its 
initial marking Mg, its set of events EV, and its renaming equivalence relation 
~ be given. We define the name-abstracted state space (NA state space) of 
OOPN to be the j-tuple N AStSp = {Sn,Tjs[, An,[Mq]) such that: 

1. Sn = {[M] G MA^ I M G [Mo)}. 

Tn = {([Ml], [E], [M 2 ]) G X EV.^ X Sn \ Mi[E)M 2 }. 

3. VMi,M2 G MAr., VE G EVr., [(Mi,E,M2) € Tn ^ (Mi, (Mi, E, M 2 ), M 2 ) G 
An]. 

The above proposed name-abstracted state spaces are based on projecting 
away the naming information present in particular states and structural tran- 
sitions of the classical state spaces. However, this does not say much about 
what kind of information they preserve or whether they even contain exactly 
the same information as full state spaces. More precisely, we could say that NA 
state spaces preserve all information present in full state spaces if it was possible 
to reconstruct the appropriate full state spaces from them. Unfortunately, this 
is not the case. NA state spaces preserve information about reachable states and 
events but their interconnection is preserved only partially. This fact is forma- 
lized in the proposition 2 from whose power we can guess that NA state spaces 
do not contain information about which particular instances are manipulated by 
events when going from one state into another. 

Proposition 2. Let us have an OOPN with its state space StSp and the corre- 
sponding name-abstracted state space NAStSp. Then the following holds: 

Vn > 1 VMi,...,M„ G MAr.^ VEi,...,E„_i G Vi G {!,..., n| VM* G 
Ml [ (Ml, El, . . . , Ml, . . . , E„_i, M„) is a path in NAStSp if and only if 3Mi G 
Mi,...,Mi_i G Mi_i,Mi+i G M,+i,...,M„ G M„ 3Ei G Ei,...,S„_i G 
E„_i such that {Mi,Ei, . . . , Mi, . . . , E^-i, M„) is a path in StSp ] . 
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The information we are losing in NA state spaces is obviously not important 
when we are dealing with isolated states only. On the other hand, if we need to 
be able to explore sequences of states and events, this information might become 
necessary even if we do not consider concrete names of instances to be important. 
This is because it can be useful to know how a particular instance given by its 
identifier within some arbitrarily chosen representative of the appropriate NA 
state behaves within the events surrounding the state being examined. However, 
if we need the information, which is lost in NA state spaces, it is not difficult 
to preserve it. For this reason, we define the so-called complete name- abstracted 
state spaces (CNA state spaces). 

We define CNA state spaces as labelled NA state spaces. Every NA state 
will be labelled by a tuple consisting of a representative marking belonging to 
the equivalence class represented by the NA state and a set of self-renaming 
permutations (i.e. permutations which map the representative marking to its- 
elf). Every structural transition will be labelled by a set of tuples consisting 
of a representative event and a renaming permutation. We require that every 
representative event must be Arable from the appropriate representative source 
marking leading to the appropriate representative target marking after apply- 
ing the given renaming. Furthermore, every event Arable from the representative 
source marking and leading to a marking equal up to renaming to the represen- 
tative target marking must be derivable (up to the name of an eventually newly 
arising instance) from some of the representative events via a permutation from 
the set of source self-renaming permutations. Self-renaming permutations can 
decrease the number of target markings we have to process [Jen94]. 

Note that there can exist multiple CNA state spaces for a single NA state 
space. This is because the choice of representatives is not deterministic. However, 
all such CNA state spaces are equal because (as we will mention later) it is 
possible to build the appropriate full state space from all of them. 

In the deAnition of CNA state spaces, we will use a predicate eideq which is 
fulAlled when applied to two “existing identiAer equal” events. Such events can 
diAer only in the identiAer of the newly created object in the case of N events 
and in the identiAer of the newly started method net instance in the case of F 
events. 

Definition 4 (Complete Name- Abstracted State Spaces). 

Suppose we have an OOPN with its set of markings MA, its set of events 
EV , and its set of renaming permutations II. We define the complete name- 
abstracted state space (CNA state space) of OOPN to be the triple CNAStSp = 
{NAStSp, m, e) such that: 

1. NAStSp = {Sn,Tn, An, [Mq]) is the NA state space of OOPN . 

2. m : Sn — >■ MA x 2^ such that VM G Sn [m(M) = (M, <P) {M G M A 
V(/? G [g‘^{M) = M])]. 

3. e : Tn — >■ 2^^^^ such that for all (Mi, E, M 2 ) G Tn with m(Mi) = (Mi, ^ 1 ) 
and m(M 2 ) = (M 2 ,<? 2 )> e((Mi,E,M 2 )) is the smallest set such that \/E' G 
EVM'GMa [Mi[E')M' ^ 3(E,7r) G e((Mi,E,M2)) [Mi[E)g^{M2) A3(f £ 
^1 [eideq{E',g‘f{E))]]]. 
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The time complexity of generating CNA state spaces is almost the same as 
in the case of NA state spaces. This is because state representatives and rena- 
ming symmetries must be computed even when generating NA state spaces. The 
only difference is that, in the case of NA state spaces, the computed renaming 
symmetries are thrown away after determining the target nodes of particular 
semantic transitions. On the other hand, the information about them is stored 
within CNA state spaces which leads to slightly increased memory requirements. 

Now it is the right time to express the fact that CNA state spaces contain 
exactly the same information as the corresponding full state spaces. In other 
words, it is possible to obtain a full state space from its CNA- variant. These are 
the contents of the below proposition. Its proof (skipped here) would be based 
on showing how the full state space can be derived from its CNA-version. 

Proposition 3. Let us have an object-oriented Petri net OOPN with its CNA 
state space CN AStSp and its set of renaming permutations 77. Then it is pos- 
sible to reconstruct the full state space of OOPN from CN AStSp and 77. 

NA state spaces remove all the redundancy associated to names of dyna- 
mically appearing and disappearing instances and thus can save more memory 
than the attitudes based on sophisticated naming rules. This is a consequence 
of always ignoring all the different possibilities of identifying uninterchangeable 
instances within otherwise identical states without any respect to the way how 
they were created. At the same time we know that this is not the case of using 
sophisticated naming rules where the order in which the instances characteristic 
by their contents or by the way they are referred to from the rest of the system 
is significant. This implies that an exponential number of classical states can be 
folded onto one name-abstracted state (or its representative). 

The source of the above reductions is less significant when using partial order 
reduction techniques. However, even in this case, it is not guaranteed that all the 
redundancies stemming from the naming problem are fully removed. Limitations 
of partial order techniques were already mentioned at the end of subsection 3.2. 
The idea that renaming symmetries can remove some redundancies preserved by 
sophisticated naming rules combined with partial order techniques can also be 
supported by the fact that it is generally advantageous to combine partial order 
reduction methods and methods based on symmetries [Val98]. This is because 
they fight against different sources of redundancies in state spaces. 

So, it seems that renaming can save more memory than sophisticated naming 
rules, even in the case of using partial order reduction. On the other hand, we 
might have to pay for using renaming quite a lot in terms of the time complexity 
because testing systems of objects to be equal up to renaming can multiply the 
overall time of generating state spaces by 0(n!) where n is the maximal number 
of concurrently existing instances. Fortunately, this is the worst case scenario 
only and we can usually decrease the time complexity using intelligent construc- 
tion of models and some heuristics briefly mentioned in the next subsection. 
These heuristics are based on renaming insensitive hashing techniques decrea- 
sing numbers of states to be compared and on exploiting the structure of states 
for selecting instances whose identifiers it is sensible to permute. 
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As a conclusion, we can say that more studies are still needed to answer 
the question whether and in which cases it is better to allow bigger memory 
consumption and when to use name abstraction. 

3.4 Generating State Spaces of OOPNs 

In the context of OOPNs, the efficiency of the classical algorithm of generating 
full state spaces [Jen94] as well as its plain or partial order reduced depth first 
variants typically used for formal verification [Pel96] can be improved in several 
ways supposed in [VojOO] and briefly mentioned below. 

Reducing Numbers of States to be Compared. We can save a lot of time by 
decreasing numbers of states to be compared. This can be achieved by represen- 
ting state spaces as hash tables indexed via hash functions working over states. 
The employed hashing procedure must be insensitive to the mechanism of name 
abstraction which can be fulfilled when we replace instance identifiers by the 
appropriate typing information plus eventually some associative identification of 
the instances based on their trivial marking. 

Improving the Efficiency of Testing the Renaming Equivalence. The worst 
case complexity of testing the renaming equivalence cannot be decreased, but 
the average one can be improved by exploiting the structure of states instead of 
blindly testing all permutations of identifiers. The basic principle of this is first 
trying to match the identifiers which are present in somehow unique tokens. 

More Efficient Garbage Collecting. The definition of OOPNs makes garbage 
collecting a part of every event. However, this computation is not necessary in 
every step because not every step makes some instance obsolete. Events which 
can cause a loss of some instance can be detected according to the way they 
work with transition and port variables. 

Computing Enabled Events in an Incremental Way. The set of events enabled 
in a state can be computed in an incremental way starting with the set of events 
enabled in a predecessor state of the given state and just adding or removing 
some events according to re-checking the firability of some transitions. More 
precisely, we have to examine all the transitions which are connected to at least 
one input place whose marking was changed. Furthermore, we have to check 
transitions whose guards can use objects whose state was changed in a visible 
way. An object is changed in a visible way if there is a port in the class of the 
object which can read the contents of an object net place whose marking within 
the object was changed or which contains a visibly changed object. 

4 Specifying Properties of Systems To Be Evaluated 

In this section, we discuss different ways of specifying properties to be evaluated 
over state spaces of systems being examined using OOPNs. 

Most of the common ways of specifying properties to be checked over state 
spaces of models based on different modelling languages [Val98] can be used in 
the context of OOPN-based models, too. We can think of using the following 
attitudes: 
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— evaluating state space statistics such as numbers of states, numbers of stron- 
gly connected components, bounds of places, Petri net live transitions, etc., 

— proposing a versatile state space query language allowing for user-controlled 
traversing through state spaces examining the encountered states, 

— instrumenting models by property labels such as end-state labels, progress 
labels, assertions, etc. or by property automata, 

— using a high level specification language such as some temporal logic. 

Most of the above listed attitudes have to be slightly accommodated for 
the context of OOPNs and their state spaces. For example, bounds of places 
of OOPNs should be computed separately for particular instances and then 
a maximum should be chosen, particular property labels should be joint in 
a suitable way either with places or transitions of OOPNs, etc. However, there 
arises one more general problem here which influences almost all of the mentioned 
attitudes (more precisely all of them up to state space statistics) . This problem 
is querying particular states and events of OOPNs. 

The main problem to be solved when querying states and events of OOPNs 
stems from the dynamism of OOPNs. We have to prepare tools for exploring 
properties of sets of states and events in a way which respects the fact that the 
sets of existing instances, their names and relations can be different in every 
encountered state and cannot be fully predicted. Therefore it is not possible to 
use as simple queries as e.g. in Design/CPN, such as “take the marking of some 
place p from the static net instance unambiguously identified by id” . 

Within a prototype of an OOPN state space tool, we have suggested a solu- 
tion of the above problem based on two groups of functions. First of all, we use 
the so-called instance querying functions. They allow us to begin with the unique 
initial object net instance or with sets of the just existing instances of certain 
nets given statically by their types. Subsequently, they allow for recursively deri- 
ving sets of the net instances or constants straight or transitively referenced from 
the already known instances via the marking of some of their places or transiti- 
ons. There also exists a function returning the set of method net instances just 
running over some given objects. (Objects are represented by the corresponding 
object net instances here.) 

Instance querying functions are intended to be combined with the so-called 
set iterating functions in order to obtain the appropriate characteristics of sta- 
tes. Set iterating functions allow for searching somehow interesting instances or 
constants in the sets of them returned by the instance querying functions. We 
can for example take all the just existing instances of some net, select the ones 
which contain some constant in some place, and then go on by exploring some 
other instances referenced from the selected ones. 

So far we have been speaking about functions for querying OOPN states only. 
However, examining events seems to be a little easier. It is enough to have tools 
for accessing the particular items of events, i.e. their type, the transition they 
are bound to, the instance they are firing in, and the appropriate binding. 

The functions for querying states and events can be straight used as a part 
of a versatile OOPN state space query language for examining the encountered 
states and events. Moreover, they can be used for describing terms embedded 
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in temporal logic formulae specifying properties of systems to be verified over 
their OOPN-based models. Finally, they can also be applied when specifying 
legal termination states, progress events, or system invariants. 

We will now a little more describe some of the instance querying functions. 
We describe them in the form of Prolog predicates as they are declared in the pro- 
totype tool using them. They all take the current state to be implicit and return 
the result via their last parameter. The predicate init(Is) returns the set with 
the initial object net instance. The predicate inst (Cs ,Ns , Is) returns the set of 
the just existing instances belonging to the nets from the set Ns and running over 
objects belonging to the classes from Cs. The predicate token(Is,Ps,Cs,Ms) re- 
turns the set of tokens belonging to the classes from Cs and stored in the places 
from Ps within the instances from Is. The predicate invoc(Is,Ts,Cs,Ns,Bs) 
returns the set of invocations of the transitions from Ts within the instances from 
Is. The invocations are represented by the appropriate bindings and only the 
ones are selected which launch nets from Ns over objects of the classes from Cs. 
Finally, the predicate over(Isl,Ns,Is2) collects all the instances of the nets in 
Ns which run over the objects in Isl. 

Out of the group of the set iterating functions, we can mention for example 
the following ones. The predicate sforaII(S,X,P,Y) returns true in Y iff the 
predicate P over X is fulfilled over every element of the non-empty set S whose 
elements are one-by-one bound to X. Otherwise, a counter-example is found and 
bound to Y. The predicate seIect(Sl,X,P,S2) selects all the elements X from 
SI which fulfill the predicate P over X. 

Let us now present a very simple example of examining states of OOPNs. 
Below we define a predicate ex_depth(N) allowing for finding out whether some 
of the stack instances in the model from figure 1 can grow up to a given depth. 
A check whether an arbitrary stack can become deeper than — 1 can than be 
implemented by a state space query which evaluates the predicate ex_depth(N) 
over every state and collects the states where it holds. A more abstract approach 
would be checking the validity of the CTL formula EF ex_depth(N). 

ex_depth(N) 

inst( [stack] , [[stack, object]] , S) , 

seIect(S,Si, (tokenC [Si] , [st] ,all, [L] ) ,Iength(L,N)) ,SN) , 
emptyCSN, false) . 

5 Conclusions 

We have briefly described the notion of object-oriented Petri nets and some of 
the problems accompanying generating their full state spaces. We have especially 
mentioned the phenomenon of worsening the state space explosion problem due 
to working with identifiers of dynamically arising and disappearing net instances. 
Two possible approaches of dealing with the identifiers, namely sophisticated 
naming rules and name abstraction, have been described and compared. 

We have also discussed a method allowing for asking analysis or verification 
questions over OOPN state spaces. This method avoids referring to uninteresting 
and unknown concrete names of instances. 
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The notions included in the article are supposed to be exploited within formal 
analysis and verification on suitably reduced OOPN state spaces which is one of 
the goals of our future research. We further intend to do more research on using 
OOPNs for modelling distributed systems, and especially the software ones. 
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Abstract. This paper addresses the possibility of representing and sim- 
ulating Petri Nets using an Artificial Intelligence formalism for Reason- 
ing about Actions and Change called Generalized Magnitudes. As a re- 
sult, we obtain an alternative logical-based formalization for Petri Nets, 
allowing to apply common techniques in Reasoning about Actions and 
Change in the analysis of Petri Nets models. Futhermore, we provide the 
alternative of representing concurrency and synchronization in a Gener- 
alized Magnitudes system using a Petri Net. 



1 Introduction 

The formal study of evolving systems has been tackled under many different 
perspectives and inside independent (and frequently too disconnected) research 
areas. Despite of this lack of interconnection, it is interesting to note how differ- 
ent approaches, and specially, different representational formalisms, share many 
features thanks to a common underlying domain: dynamic systems. Two of the 
areas for which some interrelation results have been established are Temporal 
Reasoning in Artificial Intelligence (AI) and Systems Modeling and Simulation. 
For instance, in previous works [1,5,6] a strong relationship between the Gen- 
eralized Magnitudes (GMs) AI formalism and Discrete Events System, s repre- 
sentations (under DEVS formalism) was studied, leading to the introduction of 
new AI features into Computer Aided Systems Theory. 

In this paper we continue these interconnection studies analysing the relation 
between the already mentioned framework for temporal reasoning (GMs) and a 
well-known formalism for dealing with concurrency and synchronization: Petri 
Nets [8,9]. More concretely, we study the representation of low-level Petri nets 
in the GMs formalism. 

As a result of this study, we obtain benefits for both formalisms. In the GMs 
side, we extend the range of applicability (temporal expert systems, DEVS, etc), 
making it feasible to build hybrid systems where the concurrency and synchro- 
nization tasks are modeled as Petri Nets. In the Petri Nets side, the represen- 
tation in GMs provides an alternative theoretical reformulation for Petri Nets 
thanks to the logical formalization of GMs called L? [7], and used for Reasoning 
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about Actions and Change. The translation of a Petri Net specification into an 
action theory, allows applying to Petri Nets common techniques in Reasoning 
about Actions and Change {explanation, planning,...). Another additional ad- 
vantage, which will be analysed in future work, is the improvement in efficiency 
aspects for simulation of Petri Nets due to the efficiency features [2] for execution 
of GMs systems that have been incorporated to the practical shell Medtool [4]. 

This paper is organized as follows. In section 2 and 3, we recall the basic 
definitions and foundations of the Petri Nets and GMs formalisms. Section 4 gives 
a complete description of how to represent Petri Nets in the GMs formalism and 
how the simulation can be performed. We outline some ideas about representing 
Timed Petri Nets and Coloured Petri Nets in section 5. In section 6. we show how 
AI techniques can be applied to a Petri Net represented in the GMs formalism. 
Finally, in section 7, we present some conclusions and address future directions 
of work. 

2 Petri Nets 

Although we assume the reader is familiar with basic Petri Nets concepts, we 
will recall some basic definitions [8, 9] in order to make this paper self-contained. 

A classical Petri Net is a bipartite directed graph which consists of two node 
types called places (represented as circles) and transitions (represented as bars). 
Places can only be connected to transitions and vice versa. A place p is called 
an input place of a transition t if there exists a directed arc from p to t, whereas 
p is called an output place of t if there exists a directed arc from t to p. Arcs can 
be labeled with a positive integer number called the arc weight. 

Definition 1 (Petri Net) A Petri Net is a 4-tuple J\f — (P,T,I,0) where P 
and T are two finite and non-empty disjoints sets of places and transitions, and 
I and O are the input and output incidence functions from P X T to the set of 
positive integer numbers. □ 

The dynamic behaviour of the modeled system is represented by tokens flow- 
ing through the net. A token is graphically represented by a dot inside a place. 
Each place may contain zero or more tokens, and its number may change during 
the execution of the net. A m,arking of a Petri Net is the distribution of tokens 
at a given time. 

Definition 2 (Marking) Let A/" = (P,T,I,0) be a Petri Net. A marking M 
from P to positive integers, A4 : P — >■ N“*“ is an assignment of tokens to the 
places of jV". We write (A/", A4) for a Petri Net A/" with marking A4 □ 

A transition t is enabled if each of its input places contains at least as many 
tokens as the weight of the arc connecting it with t. Formally: 

Definition 3 (Enabled transition) Let J\f = (P, T, I, O) be a Petri Net with 
marking A4, f G T a transition and Ai{p) the number of tokens contained in 
some p £ P. The transition t is enabled in (A/", A4) if and only if Vp G P : 
M{p)>I(p,t) □ 
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A transition t may be fired whenever it is enabled. In most of cases, it is 
required the arrival of an event to fire an enabled transition. Firing a transition 
means removing from its input places as many tokens as the weight of the corre- 
sponding input and, simnltaneosly, adding as many tokens as the weight of the 
arcs to each output place. 

Definition 4 (Firing a transition) Let J\f = (P. T. I, O) be a Petri Net with 
marking A4, A4(p) the nnmber of tokens contained in p G P and t G T an 
enabled transition. Firing the transition t in (jV, A4) results in a new marking 
M' given by M'(pi) = M(pi) - I (pifi) + 0(pifi). □ 

Sometimes. Petri Nets contain a special type of arcs called Inhibitor Arcs [8, 
9] which allow incorporating negative preconditions to transitions. A place p is 
called an Inhibitor Place of a transition t iff there exists an inhibitor arc from 
p to t. A Petri Net with inhibitor arcs is called an Inhibitor Petri Net. In these 
nets, a transition t is enabled by a marking A4 iff not only every input place pi 
of t contains at least I(p,ti) tokens, bnt also every inhibitor place contains zero 
tokens. 

3 GMs Formalism 

The GMs formalism is intended for temporal representation and deals with 
causality in reasoning about actions and change. Briefly, it consists in a mod- 
ular representation in which the basic units are called Generalized Magnitudes 
(GMs). These units are used for characterizing the properties and the relation- 
ships of the domain. A GM is defined by a name and the set of values it can 
take in different situations (only one of them at eaclr moment). Knowledge is 
represented by attaching a Knowledge Expression (KE) to GMs. A KE is an 
expression containing the nsnal relational, arithmetic and logical operators, pins 
a conditional constructor if; all of them applied to other GMs or to their previ- 
ous value (using the operator previous). Each KE is always directed towards a 
single GM, being the unique and complete way of obtaining its value. The value 
of a GM can be set directly too, providing input facts, which play the role of 
actions. 

An implicit causal relation is defined between a GM B and the GMs A{ 
ocurring in its KE. We say that Ai may cause B. or more appropriately, B 
depends on A{. This causal relation allows to establish an ordered evaluation 
of the KEs and to identify the relevant part of the knowledge base. Gansality 
is used both for the non monotonic assumption of inertia and for computing 
ramifications in a directional way, in a similar way as proposed in [10]. If a 
GM depends directly or indirectly on an input fact, it is said to be pertinent. 
Otherwise, it is said to be persistent - the inertia principle is applied to it and 
so, it maintains its previous value. The expression pert (A) can be used in a KE 
for checking whetter a given GM A is pertinent at the current evaluation. 

The evaluation of the KEs occurs at discrete time instants located in a con- 
tinuos time basis. A special event (now) is defined to represent the time point 
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of file current evaluation (timeof (now)). The new GMs values obtained at the 
evaluation (i.e. the pertinent values) will have this temporal instant as an as- 
sociated time. An operator, timeof (A), allows referring to the associated time 
of a given GM A, maintaining at every moment, the instant in which A took its 
current value. 

4 Petri Nets Modeling and Simulation in the GM Scheme 

In this section we introduce the translation process for representing a Petri Net 
inside the GMs formalism. First we propose an equivalence between the basic 
concepts of both formalisms. 

4.1 Representation of Places and Transitions 

Places are represented with numeric GMs. A single GM is created for each place 
in the network. The value assigned to this GM represents the number of tokens 
contained in the represented place. The KEs of this kind of GM are in charge of 
the computation of the next distribution of tokens after transitions are fired. 

Transitions are represented with a pair of boolean GMs. The first GM de- 
termines the transition state, i.e. whether it is fired or not. The other one is 
an input fact and it represents the arrival of the associated external event that 
eventually fires the corresponding transition. 

Therefore, given a transition t with input places Pin{i) and output places 
Poutij)^ we define the GMs event_t and fire_t. The KE of this last GM will 
be: 



fire_t: event_t and A”:=i previous (pi„(f)) > l(pin(i) ,t) ; 

where Pin(i) represents the GM defined for each input place of t. We obtain 
the previous value of the GM applying the previous operator. 

The KEs of the GMs defined for representing places must compute the num- 
ber of tokens after transitions are fired. Given a place p being an output place 
of tin(i) transitions and an input place of toutij) transitions, a GM p with the 
bellow KE is defined: 

p: previous (p) + 

+ * (pert(/fre_ti„(i)) and 

- * (-pert if ire and fireJ.out{i)')', 

Inhibitor Petri Nets can be represented easily in the GMs formalism changing 
properly the KE of transitions and places connected by inhibitor arcs. In GMs 
representing the firing conditions we must check that inhibitor input places are 
empty. That is, 

fire_t: event_t and Afci pi'evious(pi„(f)) > lipin{i),t') and 
AIL™+i previous (A) ^ 0; 
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The KE expression of the inhihitor place must guarantee that the number of 
tokens remains to zero, and therefore, we need to add the next line to the KE 
representing the inhibitor place connected to the transition tout{j)- 

0 if pert(/ire_to«i(j)) and fireJout{j)', 



4.2 An example 

We show the translation of a Petri Net to the GMs formalism with the next 
example (from [ 9 ]). Let ns suppose two wagons C\ and C2 moving along the 
segments A — B and C — D respectively. Initial positions are A and B. When a 
button M is pushed both wagons begin moving to points C and D perhaps at 
different velocities. The return to the initial positions is only started when both 
wagons have already reached points C and D. 




Fig. 1. A Petri Net for the wagons example. 



Figure 1 shows a Petri Net modeling the proposed example. The transition M 
represents the button pushing, whereas A. B, C and D represent the arrival of the 
wagons to each corresponding point. The transition W represents that the two 
wagons are in points B and D. The places ri, r2, li and I2 represent that the 
corresponding wagons are moving to the right or to the left. The waiting of the 
wagons until the bnttom M is pushed is modeled with places fi and ±2 - Finally, 
places wi and W2 are used to guarantee that both wagons are on the right side 
before they return to their initial positions. 

The corresponding representation of this Petri Net in the GMs formalism is 
shown in figure 2 . Note that we want the transition W to be fired automatically 
when the two wagons are on the right side, without need of any external event. 
Therefore, we need to make a new system evaluation without inputs facts. In 
this evaluation the transition W is fired, removing one token from places wi and 
W2 and adding another token in places li and I2. Note that the KE of the GM 
representing the transition W includes the expression timeof (now) instead of the 
test for the arrival of an external event. It gives pertinence to GM fire_W even 
if there is not any input fact and allows checking whether W can be fired. 
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gm event_A ]• 
gm event_B -C > 
gm event_C -C > 
gm event_D •{ ]’ 
gm event_M •{ ]• 



gm fire_A •{ event_A and previous (11) >= 1; D- 
gm fire_B •{ event_B and previous (rl) >= 1; ]’ 
gm fire_C •( event_C and previous (12) >= 1 ; "} 
gm fire_D -C event_D and previous (r2) >= 1 ; "} 

gm fire_M •{ event_M and previous (fl) >= 1 and previous (f 2) >= 1; D- 
gm fire_W •{ timeof(now) and previous(wl) >= 1)) and previous(w2) >= 1)); 



gm rl •{ previous (rl) + 1 ♦ 
gm r2 •( previous (r2) + 1 ♦ 
gm fl -C previous (fl) + 1 ♦ 
gm f2 •( previous (f 2) + 1 ♦ 
gm il *C previous (11) + 1 ♦ 
gm i2 •{ previous (12) + 1 * 



(pert (f ire_M) and fire_M) 
(pert (f ire_M) and fire_M) 
(pert(fire_A) and fire_A) 
(pert(fire_C) and fire_C) 
(pert (f ire_W) and fire_W) 
(pert (f ire_W) and fire_W) 



1 * 
1 * 
1 + 
1 + 
1 + 
1 ♦ 



(pert (f ire_B) 
(pert (f ire_D) 
(pert(fire_M) 
(pert(fire_B) 
(pert (f ire_A) 
(pert (f ire_C) 



and f ire_B) ; 
and f ire_D) ; 
and f ire_M) ; 
and f ire_B) ; 
and f ire_A) ; 
and f ire_C) ; 



> 

> 

> 

> 

> 

> 



gm wl •( previous (wl) + 1 ♦ 
gm w2 •( previous (w2) + 1 ♦ 



(pert(fire_B) and fire_B) 
(pert (f ire_D) and fire_D) 



1 * (pert(fire_W) and f ire_W) ; } 
1 * (pert (f ire_W) and f ire_W) ; } 



Fig. 2. A GMfi specification for the wagons example. 



4.3 Simulation 

The execution of the Petri Nets is controled hy the mimher and distribution of 
the tokens and the events that eventually fire the transitions. The GMs repre- 
senting tlie arrival of events determine the steps in the simulation. For each set 
of external events (that become system input facts) a new evaluation is done. 
Internal transitions can also force a new evaluation without input facts. 

When an evaluation occurs, the inference engine tries to apply the relevant 
KEs in order to obtain new values for the pertinent GMs. When representing 
Petri Nets, the pertinent GMs will be those ones representing the transition 
associated to the event, and those ones representing the input and output places 
connected to that transition. As a consequence, the simulation process is locally 
restricted and tlierefore is very efficient. 

Pertinence is widely used in the KEs of the GMs for places and transitions, 
and is used to establish the relevant part of the net that must be analysed. In 
this way, the amount of computations is drastically reduced, since it is usual 
tliat large nets imply in practice a small deal of clianges after each set of events. 

Note tliat tlie events correspond to actions in our formalism, and the number 
of tokens in each place along with the transitions states correspond to fluents. 

5 Representing other Petri Nets Formalisms 

Tlie classical Petri Net model lias been used in many application areas. Many 
authors have developed new extensions and classes of Petri Nets. In this section 
we outline several guidelines to represent them in the GMs formalism. 
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5.1 Timed Petri Nets 

Petri Nets theory was one of the first concurrent formalisms for dealing with real- 
time by using an extension known as tim,ed Petri Nets. An important property 
of the GMs formalism is that it allows reasoning along time, making inferences 
about the evolution of the modeled domain. We can take advantage of this 
property to represent Timed Petri Nets. 

Several concepts of Petri Nets with time have been proposed assigning for 
instance firing times to the transitions and/or places [11]. In t-tim,ed nets, de- 
terministic firing times are assigned to transitions. Each transition takes a time 
to execute its firing. When a transition t is enabled, a firing can be initiated by 
removing tokens from input places. After the firing time, tokens are added to 
the output places. 

The representation of this kind of Petri Nets in the GMs formalism requires 
the use of the timeof operator. In order to add tokens to an output place p of 
transition tin(i) after a time tt(i) we define the GM for p as: 

p: previous (p) 

* (firej,in(i) and (timeof (now) = timeof (/f're_fi„(f)) + 

- E™iKp. tout(i)) * (pert(/fre_fo«t(f)) and fire-t„ut(i)'); 

At the end of a given evaluation, the system is able to compute which new 
value of timeof (now) would cause some condition to change its truth value, and 
automatically advance the simulation until such moment. ^ 

In our example, once fire_t becomes pertinent, the system would conclude 
that the next activation time should be timeof (fire _t) + tf and would fire 
a new transition at that moment. The output places would be modified at his 
delayed evaluation. 

There exist, however, some limitations when using this mechanism which 
are still under study. The main drawback to be solved is that the autonomous 
activation only allows a single next activation and not a set of them. This disables 
the possibility, present in timed Petri Nets, of firing a delayed transition when 
the previous firing has not been executed yet (this would imply storing the two 
delayed evaluations). 



5.2 Coloured Petri Nets 

The classical Petri Net definition is inadequate for modeling most of the cur- 
rent real systems, which are usually very complex and extremely large. To solve 
this problem, higher level nets as Coloured Petri Nets (GPNs) [3] have been 
introduced. 

GPNs are a combination of Petri Nets, (for the description of the synchro- 
nization of concurrent process), and programming languages, that provide the 

^ For a more detailed study of this feature, called autonomous activation, see [5]. 
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flexibility of the deflnition of data types and the mechanism for manipulating 
the data values. 

As opposed to classical Petri Nets, in CPNs each token carries a data value. 
Places have associated types, which can be arbitrarily complex, and that char- 
acterize the class of tokens they contain. Transitions and arcs may have also 
an associated expression that is applied to the tokens. In CPNs, a transition is 
enabled when in its input places there are as many tokens as determined by the 
arc expressions and, its associated expression, if defined, is satisfied. When an 
enabled transition is fired, the determined tokens are removed from the input 
places and the tokens indicated by the arc expressions are added to the output 
places. 

The representation of CPNs into the GMs formalism can be very complex 
and large. Whereas in classical Petri Nets it is only needed to represent the 
number of tokens in each place (and therefore we can use a single CM), in CPN 
we must store also the value associated to each token. As only numeric or text 
GMs can be defined, we would need a different GM must be defined for each item 
of a complex data type. In CPNs we must represent implicitly each token. The 
main problem representing CPN arises when the number of tokens in a place 
is unbounded. This would require to define new GMs dynamically during the 
evaluation, and this feature is not allowed in the GMs formalism. 



6 Planning in Petri Nets 

As explained before, the availability of a logical formalization for GMs formalism, 
allows applying common AI techniques to Petri Nets when represented in GMs. 
As an example we show in this section how planning techniques can be applied. 
Given an initial and a goal situation, a planning problem tries to provide a 
plan which specifies the sequence of inputs that, starting at the initial situation, 
causes the system to pass through several intermediate situations until reaching 
the goal one. A single planning problem may be solved by differents plans. 

In the GMs formalism, the planning process will rely on a goal-driven al- 
gorithm that should deal with a dynamic domain and temporal sequences of 
situations. Facts contained in the goal state are seen as wanted effects. Thus, for 
each wanted effect, its associated knowledge expression is analysed backwards, 
obtaining the possible causes that can make such fact true. Then, these causes 
become new goals to be satisfied, repeating this process iteratively, building a 
tree, until no new assumptions can be done. At that point, the reasoning for 
the current state has finished. The planner examines now if the leaf solutions 
include a reference to the previous operator. If this is so, the process goes on 
at a precedent state. The goal for the precedent state is constructed with all the 
facts affected by the previous operator in the current state. When a solution is 
consistent with respect to the initial state, the branch is not expanded any more 
and we obtain a valid plan. 

Figure 3 shows the initial marking of a single Petri Net which has been rep- 
resented in the GMs formalism as indicated in section 4 (see figure 5). However, 
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Fig. 3. Initial marking of the Petri Net. 




Fig. 4. Two final markings. 



and in order to make more understandable the planning process, we assume that 
places can have at most one token, and therefore we can make a propositional 
description of the Petri Net. We want to know what could have happened to 
reach another marking where we only know that place ps has one token. Figure 
4 shows two possible reachable states from the initial one depending on which 
transition A or B is fired. 

The planning process of the GMs formalism, given the above data, obtains 
(see figure 6) two valid ways of reaching the goal: (1) the arrival of an event that 
fires transition A; and (2) the arrival of an event that fires B. 



gm event. A -C > 
gm event _B •{ ]’ 

gm fire.A -C event.A and previous (pi) ; > 

gm fire_B •( event_B and previous (pi) and previous (p2) ; > 

gm pi -C false if (pert (f ire.A) and fire.A) or (pert (f ire_B) and f ire_B) ; 3- 
gm p2 *C false if (pert(fire_B) and f ire_B) ; > 

gm p3 *C true if (pert(fire.A) and fire.A) or (pert(fire_B) and f ire_B) ; > 



Fig. 5. The GMs specification for the planning example. 
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(p3: true} 




{pert(fire_A):true, fire_A:true} {pert(fire_B):true, fire_B: true} 



(previous(pl):true, event_A:true} (previous(pl):true, previous(p2):true,event_B:true} 









sl.l ' 


^ sl.2 ^ 


1 



{plitrue} 



r 

I (pl:true, p2:true} 



Fig. 6. Solutions tree for the planning example. 



7 Conclusions and Future Work 



In this work a study about the integration of two formalisms from two different 
areas has been presented. We have shown that both formalisms can take advan- 
tage from this integration. Specifically, an alternative theoretical reformulation 
for Petri Nets, based on a logic for Reasoning about Actions and Change was pre- 
sented. This allows to apply common techniques on Artificial Intelligence (such 
as explanation, planning, ...) to Petri Nets represented in the GMs formalism. 
Moreover, simulation with Petri Nets can benefit from efficient features of GMs. 
We have seen that the use of 'pertinence can optimize the simulation process, 
restricting the part of the knowledge base to be considered in each evaluation. 
Finally, we can directly apply developed techniques on concurrent evaluation of 
GMs. For the GMs formalism, we have introduced an hybrid system where tasks 
of concurrency and synchronization can be modeled as Petri Nets, represented 
in the GMs formalism. 

Given that low level Petri Nets are not up to the task of modeling complex 
systems, we will try to represent in the GMs formalism Coloured Petri Nets. 
Therefore, our future work is focused on solving the main problems when repre- 
senting GPNs. In this way, we will study how dynamic creation and deletion of 
GMs can be added to the formalism. We must establish some important points 
about when GMs are created or deleted (during the evaluation or after it), when 
they can be evaluated for first time, etc... 

Besides, when trying to emulate Tim,ed Petri Nets some limitations for rep- 
resenting them properly appear in the GMs formalism. A future line of research 
will be the study on how to modify the autonom,ous activation mechanism in 
order to allow several delayed activations. 
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Abstract. The formal proof of properties of a system hrst requires the 
expression of the behavior of the system into a formal language. 

The scope of this paper is the simplification of the proof procedure of 
properties of systems which are represented by discrete time models (Fi- 
nite State Machines or extensions) The formulas which are manipulated 
are decomposed and the global proof is reduced to the study of a small 
subset of elementary proofs. This method was obtained by re-using some 
work developed in the framework of the management of the Path Con- 
dition in Symbolic Simulation. 



1 Introduction 

The goal of this paper is to lower the complexity of proof procedures which are 
involved in the verification process of discrete time models (Finite State Machi- 
nes and extensions) which are based on the formal manipulation of temporal 
logic formulas. Some simplification using previous work developed within the 
framework of symbolic simulation are proposed. 

The Path Condition concept for Symbolic Simulation will first be presented. 
Then, a method which uses temporal logics for proving properties on discrete 
time models will be shown. Finally, the Path Condition concepts will be applied 
on the former proof process in order to simplify it. 

2 Symbolic Simulation and the Path Condition 

2.1 Symbolic Simulation vs. Numerical Simulation 

Symbolic simulation consists in simulation in which the data which are mani- 
pulated (e.g. inputs) remain symbolic and do not necessarily have a numerical 
value. 

The main advantage of this approach (with respect to classical simulation) 
is that a symbolic simulation run gathers a (possibly infinite) set of numerical 
simulation runs. 



F. Pichler, R. Moreno-Diaz, and P. Kopacek (Eds.): EUROCAST’99, LNCS 1798, pp. 116-126, 2000. 
© Springer- Verlag Berlin Heidelberg 2000 
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This technique obviously increases the power of simulation, but a problem 
for managing conditions arises. Indeed, a symbolic simulation run has to execute 
conditional actions (i.e. choose an execution branch of the execution tree). If the 
encountered condition cannot be directly evaluated (because the variables which 
are involved have a symbolic value), the user must decide the truth value of this 
condition and the execution can then continue. 

But it may happen that the choices which have already been made on the 
execution path contain the value of the current condition. In this case, the user 
should not intervene. This constitutes the purpose of the Path Condition mana- 
gement [LAR92,LAR93]. 

2.2 The Path Condition Management 

The Path Condition {PC) gathers the truth values of conditions which have al- 
ready been met during the current simulation run. The value of PC is obviously 
True. PC is the logical AND between all the conditions which define the exe- 
cution path. These conditions can involve any types of data (Boolean, integer, 
real, etc.). 

Let (7 be a condition which is met by the symbolic simulator. In order to 
maintain the consistency of the execution, it is necessary to study if PC contains 
the truth value of C or not. In order to do this, the Choice operation and the 
Free Choice variable have been defined. 

The value of the Choice operation > is Boolean. The value of PC \> C is: 

— False if the truth value of C is included in PC {PC D C = True or 
PC D -iC = True), 

— True if the choice of the value of C is free. 

The Free Choice variable FCpc,c is defined as follows: FCpc,c = PC O C. 
The evaluation of FC is decomposed in two steps: 

~ if the definition sets of PC and C are disjoint, FCpc,c is True 

— if the definition sets of PC and C are not disjoint, the solution sets of PC 
and C must be examined. 



2.3 Properties of the Choice Operation 

In order to evaluate the Free Choice variable associated with complex expressi- 
ons, the following properties have been established [LAR92]: 

1. FCpc,CiAC2 = FCpc.Ci V FCpc.c^ 

2 . FCpc,Ci\/C2 = FCpc.Ci FCpc,C2 

3. FCpCi/\PC2,c = FCpCi,c A FCpc2,c 

4. FCpciVPC2,c = FCpci.c V FCpc2,c 

5. FCpciAPC2,CiAC2 = {FCpci.Ci A FCpc2,Ci) V {FCpci,C2 A FCpc2,C2) 

6. FCpciAPC2,CivC2 = FCpci.Ci A FCpc^,C2 A FCpc2,Ci A ACpca.Ca 

7. FCpci\/pc2,CiAC2 = FCpcuCi V FCpc^,C2 V FCpc2,Ci V FCpc2,C2 

8. ACpcivPC2,CivC2 = {FCpci.Ci A FCpci,C2) V {FCpc2,Ci A FCPC 2 .C 2 ) 
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Properties 5 to 8 can immediately be generalized to expressions made up of more 
than two terms. 

It follows that the evaluation of the Free Choice variable can be split into 
very simple subcases. 



3 The Proof of Properties of Discrete Time Systems 

3.1 Formal Representation 

A FSM model is defined by a 5-tuple: 

FSM =< S,X,0,5,\ > where: 

— 5 is a finite, non-empty set of states 

— I is a finite, non-empty set of inputs 

— O is a finite set of outputs 

— 5 is the transition (next state) function: S : I x S ^ S 

— A is the output function: X-.XxS^O 

#S, #I and #0 are the cardinalities of S, I and O respectively. 

Only deterministic machines which obey the following rules are considered: 

— each state has one and only one following state for each relevant input 

— no two distinct inputs can be applied simultaneously 

— no two distinct outputs can appear simultaneously 

Moreover, the machines which are studied are completely specified. This means 
that for all states, the next state and output are specified for all inputs ^ . 



3.2 Expression in Temporal Logic 

The DUX System: DUX is a Linear Time Temporal Logic (LTTL) [GAB80]; it 
is well-known and has been widely used for the verification of programs [AUD90] . 
It constitutes a temporal interpretation of the modal logics defined by Manna 
and Pnueli [MAN82]. The suitability of this tool lies in its expressiveness power, 
and in its properties (completeness and decidability). DUX is defined by: 

— a set of propositional variables: Vp = {p, q,r , . . .} 

— the classical logical operators: -■ (not), A (and), V (or), D (implication) 

— temporal operators: 

unary: O(next), □ (always), <(> (sometimes) 

-k binary: W(until) 

— True, False 



^ Note that it is possible to deal with incompletely specified machines within the 
framework of this model by defining a new type of variable for representing the 
unspecified inputs or outputs 
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The building rules of formulas are: 

(i) Every propositional variable of Vp, True, False are formulas, 

(ii) If A and B are formulas, then 

* -lA, AAB, AVB, AdB 

* OA, DA, <0>A 

* A WB 
are formulas, 

(iii) Any formula is obtained by application of rules (i) and (ii). 

Interpretation: 

— QA (next A) means that ”A will be true in the next (1-future) instant” 

— DA (always A) means that ”A is true for all future instants (including the 
present one)” 

— <(>A (sometimes A) means that ”A will be true for some future instant (pos- 
sibly the present one)” 

— AWB (A until B) means that ’’there is a future instant where B holds, and 
such that until that instant, A continuously holds” 

Remark: We denote by O" the n-future instant. 



Expression of the Behavior of a FSM: Let us consider a machine M. The 
sets S, X and Z are defined as follows [MAG90,MAG94]: 

— S is the set of state type propositions: 

Si G S, Vsi G S', t = 0, . . . , #S — 1, Si is True when the state of M is Si 

— X is the set of input type propositions: 

Xj G X, 'ixj G A, j = 0, . . . , ~ 1) Xj is True when the present input of M 

is ij 

— Z is the set of output type propositions: 

Zk G Z, Vzfc € Z,k = 0, . . . , — 1, Zk is True when the present output of 

M is Ok 

These definitions allow us to describe the temporal evolution of M (by expres- 
sing the behavior of the transitions of M) into the DUX temporal logic, called 
Elementary Valid Formula (EVF). 

Let us suppose that we have S(si,ij) = Sk and \{si,ij) = oi; it follows 

EVF ::= n(si A xj D O^k A Zi) 

whose interpretation is: ”it is always true (D operator) that if Si is the current 
state (and therefore Si is True) and ij is the current input (xj is True), then 
the next state (O operator) will be Sk (sk will be True) and the current output 
is oi (zi becomes True)" . 

It follows that the set of all the EVF’s (each of which expresses the existence 
of a transition of the FSM) provides an equivalent representation of the beha- 
viour of the FSM model. This statement is true if we also take into account the 
set of formulae which represent the determinism constraints. The first set con- 
tains the state determinism concept, which says that at a given time step, there 
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is one and only one current state. This determinism formula can be written, 
using the DUX formalism: 

DFl ::= □ [si D ^Sj]Vj yf i, i, j G {0, . . . , #S - 1} 

Similarly, DF2 and DFi express that at a given time step, the machine cannot 
have two different inputs, and cannot produce two different outputs: 

DFl ::= □ [x, D -■Xj]Vj yf i, i, j G {0, . . . , #X - 1} 

DFl ::= □ [zi D -■ZjJVj yf i, i, j G {0, . . . , #Z - 1} 

Within the framework of a verification process, it is often necessary to consider 
time intervals. This leads to the definition of state, input and output sequences, 
which are noted, respectively: 

sf ::= Si^A QsbA A ... A 

x" ::= Xj,A Qxj^A 0^xj3 A ... A 

zJJ ::= ZkiA QzkaA A . . . A 0”“^Zk„ 

Then, in order to provide the user with a more global view of the system evo- 
lution, first the concept of temporal event (Ft) which represents the possible 
effects of the machine functioning has been defined, and then all the conditi- 
ons which lead to obtaining a given temporal event are gathered into one single 
formula, called Unified Valid Formula {UVF). A temporal event will be a 
future state {Ft = O^i), a future state within n time steps {Ft = 0”si), a state 
sequence {Ft = sP), a present output {Ft = Zk), a n-future output {Ft = O^k), 
or an output sequence {Ft = zJJ). The Unified Valid Formula associated with a 
temporal event Ft is thus: 



UVF{Ft)= V SpAx" 

(p,q):Sp/\x^^Et 



Obviously, an UVF is obtained by formal reasoning on the set of FVF^s. More 
precisely, if the Temporal Event Ft is a next state or an output variable then 
the subset of the FVF’s which contain Ft in the right hand side of the formula 
(after the implication operator) is constructed; UVF{Ft) is then the logical OR 
between the left part of the FVF’s of this subset. 

Furthermore, if the temporal event is a n-future state or output, then the 
former process is performed on the associated 1-future state or present output 
(called F't). UVF{F't) then contains all the possibilities to reach F't within one 
time step; each of them is constituted by the requirement to be into a given 
state and then to apply a given input. In order to obtain UVF{Ft), it is then 
necessary to iterate the process on the states which appear in UVF {F't). 

Similarly, UVF {Ft) can be iteratively built for Ft being a sequence of next 
states or outputs. 
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Note that another method for construction UVF{Et) for any kind of tem- 
poral event has been elaborated using Graph Theory results. It is then possible 
to establish the formula which corresponds to UVF{Et) for Ft being a n-future 
event, the value of n not being fixed but being ’’generic” [CHE97,LAR97]. 



Property of a Fixed Time Step UVF: It is very interesting to note that for 
a ’’classical” UVF (which does not concern generic future but a fixed time step), 
thanks to the determinism properties of the FSM, it is possible to express the 
UVF formula as an exclusive-or between the conditions (this is stronger than 
the or operation which has been shown before): 



UVF{E,)= 0 SpAx" 

(p.gfiSpAx^DBt 



3.3 Verification of Properties 

Let us come back to the goal of this work; it addresses the formal verification 
of properties of systems which are represented thanks to a FSM model. The 
first question to answer is: ’’what kind of properties can be proved?”. To start 
with, the structure of the FSM can be exploited, and properties of some states 
can be of great interest. For instance, it is worth knowing if two states are 
equivalent, or if a state is a source or a sink. More sophisticated properties 
consist in establishing the conditions (on input sequences) to make a state being 
a “functional” sink, even though it is not a structural one, or to generate input 
sequences to synchronize the machine into a given state. 

In most cases, the state evolution of the machine is not available, and the 
only means for the user to get some information on the machine evolution is 
to examine the outputs. So the analysis process of output sequences is very 
important, and a tool for generating input sequences in order to obtain outputs, 
or to distinguish internal states must be provided. 

Last, it seems very important to be able to formally establish the influence 
of a current factor (input or state) on the future evolution. This relates to the 
’’sensitivity” of the future with respect to a present situation or decision. 

The verification method is based on two approaches: 

— In some cases (for some properties), it is sufficient to analyze the EVF’s 
or UVF’s (either search if a given formula exists, or what its form is). For 
example, if Sp is a sink state, it means that all the transitions which leave 
Sp go back to this state. It follows that all the EVF’s which contain Sp in 
their left part must be of the form: 

EVF ::= □ (si A xj D Qsp A zi), for all xj. Similarly, if Sp is a source state, 
it means that if there exists some transitions whose destination is Sp, they 
come from Sp. The consequence is that either UVF{ Qsp is empty, or that 
it has the following form: 

UVF{ OSp = V(spAxj). 
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— Unfortunately, this approach of verification based on the study of EVF's 
and UV F’s is not sufficient for analyzing the influence of the present on the 
future. This is the reason why a formal tool for analyzing the sensitivity has 
been defined: the Temporal Boolean Difference. 



Temporal Boolean Difference: The Temporal Boolean Difference (TBD) is 
the extension of the classical Boolean Difference [KOH78] defined on proposi- 
tional logic, to temporal logic, especially the DUX system [MAG 90, MAG 94]. 



Definition 1. The Temporal Boolean Difference of a function f with respect 
to a variable Vq is defined as the exclusive or between the restriction of the 
function with Vq set at True and the restriction of f with the variable Vq set at 
False. Then the representation of the influence of the variable Vq on a function 
f{vi, ...,Vq,...,Vn) is: 

df 

7 — = /(ui, . . . , False , . . . , u„) © f{vi, True, ...,Vn) 

OVq 

The result is a formula which contains the conditions for Vq to make / change 
value when itself changes value. It is called the sensitivity of / regarding Vq. 

For example, he representation of the influence of having Sj as current state 
in order to be in in n time units is: 



dUVFjO^Sh) 

9sj 



Ci(sj) © C't(-'Sj) 



Ci(sj)= V 

(i):sjAxi’»DO”Sh 

Gt(-'Sj) = \J [SkAXm”] 

(fc,m):fc5^j,SkAx„"DO"Sh 

C't(sj) is the set of all the sequences of (xj) with the origin state sj which permit 
to obtain 0"sh- Ct(“'Sj) is the set of all the sequence of (xi) with the origin 
state Sk where Sk sj (sk G S) and which also permit to obtain 0”sh- 

We note DVF{Ft,v) the Derived Valid Formula of Ft with respect to v. 
So DVF{Ft,q) is: 

The result of the calculation of DVF{Ft,q) can be: 

— False. This means that UVF{Ft) is independent of q; in other words, the 
fact that q changes value has no influence on the fact that Ft will occur or 
not 

— not False. In this case, we obtain a Temporal Logic formula which expresses 
the sensitivity of UVF{Ft) to changes in q, i.e. the conditions for UVF{Ft) 
to pass from True to False (or conversely) when q changes value. 
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For example, the result of DV F{Qfsy^^ S;) is a temporal logic formula. If it equals 
False, it means that UVF{Q'^s„^) is totally independent on S;. The interpreta- 
tion is that even though Si turns from True to False or from False to True, the 
fact that within 4 time steps the state will be or not be Sx does not change. On 
the other hand, it the result is not False, the formula contains the conditions 
which make the value of Si influence the fact that Sx will be the 4-future state. 

It is important to note that the result of this calculation is double: first, it 
indicates if a present factor can influence a future temporal event or not; second, 
if it appears that this influence exists, the formula contains all the sensitivity 
conditions. This can then be used either for generating simulation input sequen- 
ces, or this information can be exploited by the user to modify the system so 
that the sensitivity cases cannot occur, .... 

The important point is that there is an strong analogy with the Boolean 
Difference of Boolean functions, but the fundamental differences are that the 
formulae are expressed in Temporal Logic, and that the variables which are 
manipulated are typed (states, inputs, outputs) and non independent (because 
of the determinism properties). 

Properties of the TBD: Similarly to the classical Boolean Difference, the 
Temporal Boolean Difference has got some distribution properties. The most 
interesting here concerns the TBD of the exclusive-or of two functions: it is 
equivalent to the exclusive-or of the TBD’s of each function. It immediately 
follows that DVF{Et^ © Et^,q) = DVF{Et^,q) © DVE{Et 2 ,q) 

Extension to Generic Future: Furthermore, the calculation of the TBD can 
also be performed on an UVF which manipulates Generic Future [CHE97]. The 
applications of TBD are various. It permits to generate input sequences for 
resynchronizing the machine into a given ’’initial” state, or for distinguishing 
the inner states (which are unknown) through the generation of distinct output 
sequences. Moreover, a very wide field of application is the study of the impact 
of a decision (or a current event) on the future evolution of the system. Further, 
even though the user has got no possibility to change the present, he knows all 
the conditions which, when made True, make the system evolve into a given 
way. It is then up to him to choose his strategy for modifying some parameters 
and then determine what he wants to get into the future. In conclusion, we have 
defined a formal method for providing the user with an equivalent symbolic 
representation of the behaviour of the Finite State Machine model, and then 
with a tool which support proof of properties and formal analysis. In order 
to do this, it has been necessary to define the concept of Temporal Boolean 
Difference for evaluating the sensitivity of the evolution of a system with respect 
to some variable change. The details of the modeling and verification approach, 
as well as the demonstrations of all the theorems can be found in [MAG90] . The 
limitations of this approach are linked to the weak expressiveness of the ESM 
model, which only handles Boolean data, and which needs to express any data 
influencing the system through inputs or states. It follows that the number of 
states or transitions tend to increase exponentially as soon as new data have to 
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be taken into account. This is the reason why we have defined an extension of 
the FSM, called the Interpreted Sequential Machine model (ISM). All the 
details on this model and its verification can be found in [VAN95,LAR97] 

4 The Choice Operator for the Simplification of the 
Verification Process 

The FSM model and its verification principles have been presented. The sim- 
plification of the verification process is now studied. 

It has been shown that the proof of properties of a system modeled by a 
FSM is based on the study of EVF’s, UVF’s of DVF’s. The calculation of a 
DVF is based on the evaluation of the TBD of an UVF. 

We have seen that an UVF for a fixed next time step is an exclusive-or of 
conditions (which are themselves constituted a conjunction of an initial state 
proposition and an input sequence). In this case, thanks to the exclusive-or 
distribution property, the evaluation can be split into subcases. For each of 
them, the TBD is False if the condition does not depend on the variable with 
respect to which the FVD is calculated. This means that this comes down to 
calculating the Free Choice variable of each of the conditions and of the variable. 

Let us illustrate this approach with an example. 

Let us consider the FSM shown in Figure 1. Each of the transitions which 
appear on this FSM can be expressed as an EVF (with the associated propo- 
sitional variables): 

- EVEl ::= 0(81 A xi D 0^2 A zi) 

- EVE2 ::= □(si A X2 D 0^3 A zi) 




Fig. 1. Example of a FSM 
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- EVF 3 ::= □(s2 A xi D O^s A Zi) 

- EVFA ::= □(s2 A X2 D 0^2 A Z2) 

- EVF 5 ::= □(S3 A xi D Qss A zi) 

- EVFl ::= D(s3 A X2 D 0^2 A Zi) 

Let then study the way to reach state S'3 in two time steps. This requires to 
establish the following UVF: 

UVF (0^83) ::= (siAxiA Oxi)©(siAx2A Oxi)©(s2Ax2A Oxi)©(s2AxiA 
Qxi) © (S3 A xiA Qxi) © (S3 A X2A 0x2) 

Then, the study of FVD{ O^S3,Si) first requires to calculate: 

1. (siAxiA Oxi)l>Si 

2 . (S1AX2A Oxi)l>Si 

3. (S2AX2A Oxi)l>Si 

4. (S2AX1A Oxi)l>Si 

5. (S3 AxiA Qxi) l>si 

6. (S3 AX2A 0x2) l>si 

Obviously, these Free Choice variables are respectively: 

1. False 

2 . False 

3. True 

4. True 

5. True 

6. True 

It is necessary to evaluate the FV D only for the subformulas whose Free Choice 
variables are False. This means that: 

FVD{ 0^83, Si) = FVD(si A xiA Oxi,Si)© FVD(si A X2A Oxi,Si). 

Finally, by applying the definition of the Temporal Boolean Difference, it follows: 
FVD{ 0^83, si) = (xiA Qxi) © (X2A Qxi) 

5 Conclusion 

A formal verification method for systems which are modeled by Finite State 
Machines or extensions have been defined. The proof is based on the study of 
temporal logic formulas which express the behavior of the system. In order to be 
able to verify interesting properties (like the sensitivity of the future behavior 
with respect to present actions or decisions), a formal tool called the Temporal 
Boolean Difference has been defined. 

This verification method involves the manipulation of sometimes large for- 
mulas which can be considered independently. This is the reason why the Choice 
operator (which had been defined for a very different purpose: the management 
of complex conditions in symbolic simulation) can lower the complexity of the 
proof processing by first evaluating which subformulas will have no influence on 
the result. 

The next step of this study can consist in evaluating if the method which was 
developed for managing the Path Condition in symbolic simulation can help the 
proof process of a FSM by permitting to eliminate some temporal operators in 
the formulas. 
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Abstract. In this paper we derive exemplarily a parallel processor array 
for algorithms of commonly used tomographic reconstruction methods by 
using the tools of the design system DESA. The algorithms represent a 
group of computationally intensive image processing algorithms requiring 
high throughput and real-time processing. 

The design process is characterized by the consideration of hardware 
constraints and performance criteria. In particular, we determine one 
common parallel processor array for two different reconstruction tech- 
niques. Finally, the array is adapted to hardware constraints given by 
the target architecture which can be an application specific integrated 
circuit or a system of parallel digital signal processors. 



1 Introduction 

Parallel architectures such as parallel processor arrays enable the potential for 
producing scalable and efficient designs for computationally intensive applicati- 
ons in signal processing especially with real-time requests. A parallel processor 
array has a piecewise homogeneous structure with respect to the processor fun- 
ctions and the interconnection network between processors. This structure cau- 
ses high parallelism, intensive pipelining and distributed memories. Algorithms 
which can be described as systems of affine recurrence equations (SAKE) [11] are 
well suited for mapping onto processor arrays since they match the parallel com- 
putation structure and the piecewise regular interconnection scheme. In order to 
support the automatic design of processor arrays a wide range of methods has 
been developed e.g. [1,24,21,7,14]. The main parts of the processor array design 
process represent the transformations allocation which specifies the processors 
for the evaluation of the operations of the algorithm, and scheduling specifying 
the evaluation time of these operations. Several methods for integrating hard- 
ware constraints in the design process have been developed [25,4,5]. 

* The research was supported by the ’’Deutsche Forschungsgemeinschaft” , in the pro- 
ject Al/SFB 358. 
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Tomographic reconstruction techniques represent a kind of algorithms which 
are characterized by a high computational intensity and a structure well suited 
for parallelization in software or hardware. The commonly used reconstruction 
algorithms are the filtered back projection (FBP) [10] and the algebraic recon- 
struction technique (ART) [6]. Some work on parallelization of reconstruction 
methods has been published including both software and hardware solutions. 
In [18] the implementation of the FBP algorithm on parallel general purpose 
computers using parallel software for the Fast Fourier Transform (FFT) was 
presented. A custom processor for tomographic reconstruction methods which is 
superior to general-purpose processors was presented in [9]. In this CMOS VLSI 
chip for FBP the possible parallelism in processing the independent projection 
data is exploited. 

In this paper we propose one common processor array for FBP and ART 
which enables running either the one or the other algorithm at the same hard- 
ware. As target architectures we consider application specific integrated circuits. 
Furthermore a parallel software solution running on a parallel system of digital 
signal processors (DSPs) is presented. The used design system DESA includes 
the basic design methods and new techniques which lead to an efficient adapta- 
tion of the processor array to hardware constraints such as number of processors, 
I/O capacities and to performance criteria such as minimum chip area and mi- 
nimum computation time (latency) . The parameters of the DSP system, such as 
computation and communication time, size and access time of the memory, are 
included likewise into the software design method [12]. 

In section 2 the basic methods of processor array design including a presen- 
tation of the additional design tools implemented in DESA [15,4] are introduced. 
Section 3 specifies the considered reconstruction algorithms, and in section 4 the 
parallel processor array for FBP and ART is derived. Section 5 gives results of 
the parallel software implementation of the reconstruction algorithms. 



2 Array Design Methods 

2.1 Basic Methods 

Generally, algorithms in form of systems of affine recurrence equations (SARE) 
can be mapped onto processor arrays. These systems of affine recurrence equa- 
tions can be transformed into systems of uniform recurrence equations (SURE) 
[11] by a localization / uniformization [20,3] In this paper we assume that the 
initial algorithm is described as a SURE. 

Definition 1 (System of uniform recurrence equations). A system of uni- 
form recurrence equations is a set of equations of the following form: 

yi[i] = Fi{...,yj[i- i G l<i,j<m, (1) 

where the equations are defined in index spaces li being polytopes: 

Ii = {i \ Ail > aoi} 

with i Gli are index points, i GZ'”,Ai GQ'"‘^",aoi GQ^G 



(2) 
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In (1) the dependence vectors SZ”, 1 < fc < are constant vectors, called 
dependence vectors, and Fi, 1 < i < I, are arbitrary functions. We suppose 
that the SURE has a single assignment form (every instance of a variable yt is 
defined only once in the algorithm) and that there exists a partial order of the 
instances of the equations that satisfies the data dependencies. Variables which 
appear only on the right-hand side of equation 1 are denoted as independent 
variables. Variables which appear on the left-hand side of equation 1 are denoted 
as dependent variables. Due to exploitation of degrees of freedom during the 
design process we assume that in equation 1 the dependent data are localized, 
i.e. their indices are described by i — dj^, and the indices of independent data 
can still be affine functions of the index point i. This version of the SURE is 
called single assignment code (SAC) and will be used in the following as initial 
algorithm description for the design process. 

Next we introduce a graph representation of the data dependencies of the SURE. 
Definition 2 (Reduced dependence graph (RDG)). The equations of the 
SURE build the m nodes Vi € V of the reduced dependence graph fy,£). The 
directed edges (vi,Vj) G £ are the data dependencies weighted by the dependence 
vectors d*-. 

The weight of an edge e G f is called d(e), the source of this edge cr(e) and the 
sink 6{e). 

Generally, the basic transformations of the MPPA design are the uniform 
affine scheduling and the uniform affine allocation. They lead to full size arrays 
which means that the size of the array depends on the size of the initial algorithm, 
and that they keep the regularity of the algorithm in the resulting processor array 
[19]. For each index space of the SURE these transformations can be described 
as follows: 

Definition 3 (Uniform affine scheduling). An uniform affine scheduling as- 
signs an evaluation time to each instance of the i-th equation of the SURE with: 

Ti(i) = x^i -I- fj, 1 < i < m, (3) 

where r G Z'^, U G Z. 

The index points of an index space lying on the same hyperplane defined by the 
scheduling vector r are evaluated at the same time. 

Definition 4 (Uniform affine allocation). An uniform affine allocation as- 
signs an evaluation processor to each instance of the i-th equation of the SURE 
with: 

7Ti : 7Ti(i) = Si -I- Pi, 1 < i < m, (4) 

where S G is of full row rank, Pi G Since S is of full row rank, 

the vector u G Z", which is coprime and satisfies Su = 0 as well as u ^ 0 , is 
uniquely defined except to the sign and called projection vector. 

The index points of an index space lying on a line spanned by the projection 
vector u are mapped onto the same processor. 

Allocation and scheduling have to satisfy the constraints Ve G Z : r^d(e) > 0 
as well as ru ^ 0. The application of the allocation and the scheduling to the 
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original SURE results in a full size array. The interconnections v(e) of the array 
are determined by the allocation with v(e) = Sd(e) + P 5 (e) — Po-(e)) Ve € £ and 
the time delays w associated to the interconnections v by the scheduling with 
w{e) = T^d(e) + ts(e) - to-(e),Ve G £. 

With the uniform affine scheduling the latency of the MPPA, i.e. the time to 
compute the SURE on the MPPA , is given by 

L= max maxTi(i) — min minrUi). (5) 

l<i<m ieli l<i<m ieli 



2.2 Inclusion of High Level Synthesis Techniques 

In general, a parallel processor array consists of a set of processors and an in- 
terconnection network. The processors have to evaluate the operations, store 
intermediate results and control the communication with other processors. 

For the further array design process we include methods of the high level 
synthesis and consider modules which are responsible for evaluating certain ope- 
rations of a processor. The number and the kind of modules realized in one 
processor is called processor functionality. Instead of assuming a fixed processor 
functionality and determining a resource constrained scheduling [24] we want to 
specify the scheduling and the processor functionality concurrently since both 
influence each other. The aim is to determine a scheduling function which mini- 
mizes the latency under consideration of hardware constraints. First, we consider 
some parameters describing the hardware constraints. 

We assume a given set of modules AI, where each module mi G Ai is able 
to execute one or several operations needed to implement the SURE. 

— To every module mi G M we assign a delay di in clock cycles needed to 
execute the operation of the module to/, a necessary chip area ci needed 
to implement the module in silicon and the number ni of instances of that 
module which are implemented in one processor. 

— If a module mi G Ai has a pipeline architecture we assign a time offset oi to 
that module which determines the time delay after that the next computation 
can be started on this module, otherwise o; = d;. 

— Some modules are able to compute different operations. We assign to such 
modules different delays di^i and offsets oi^i depending on the operations Fj. 

The assignment of a module mi G Ai to an operation Fi is denoted as m{i). 

Using the introduced hardware description we are able to define two con- 
straints for the design process. In order to ensure a valid partial order preser- 
ving the data dependencies, the scheduling function has to satisfy the causality 
constraint: 



T d(e) -t- t(7(e) ^ d^,^^CT(e)),<T(e) 7 ^ £• ( 6 ) 

The above inequation has to guarantee the existence of all data needed to 
evaluate an equation of the SURE at the evaluation time of that equation. 

The second constraint (resource constraint) is responsible for the prevention 
of access conflicts to the modules. For more details we refer to [5]. 
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Considering these constraints optimum scheduling and processor functiona- 
lity can be determined using standard packages for solving the optimization 
problem. The optimization criterion is the minimum product of latency L of the 
processor array and the chip area cp of a single processor. 

3 Tomographic Reconstruction Methods 

3.1 Principle of Computed Tomography 

Computed tomography is known from applications in medical diagnostics as X- 
ray CT [2,8], MRI, and SPECT or in technical diagnostics e.g. non-destructive 
testing. It consists in the reconstruction of an n-dimensional image space from 
its (n-l)-dimensional projections. The principle is illustrated in figure 1. From 
a given set of projections p{k,m) a slice image b{i,j) can be calculated. The 
variables k and m address the k-th ray of the m-th projection(angle), i and j 
indicate the column and row indices of the slice image. 

The set of projections obtained from e.g. transmission measurements of the ob- 
ject is modeled by line integrals. The integral transformation was formulated 
first by J. Radon in 1917 [17] and is called the Radon transform. 

3.2 Filtered Back Projection Algorithm 

Filtered back projection is the most usual method in computed tomography. 
From the system-theoretical view the back projection is the inverse Radon trans- 
form [10]. The projection value p{k, m) is assigned to each pixel (i, j) of the trace 




Fig. 1. Principle of computed tomography 
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path back from the detector to the source. The back-traced values are finally 
added from each projection to built up the slice image intensities. Since the 
back projection of the unfiltered Radon transform p{k,m) results in a low-pass 
filtered version of the original image (caused by integration in the forward Ra- 
don transform and accumulation in back projection) in the FBP algorithm the 
projections p{k, m) are prefiltered with a high-pass system which can be done 
in the space domain using a convolution kernel h or in the space frequency do- 
main using the Fast Fourier Transform (FFT). Computer implementations of the 
FBP algorithm are often based on the equations 7 and 8. The projection values 
are thereby multiplied by an individual weighting factor a{i, j, k,m) indicating 
whether and to which degree the projection contributes to the pixel. Geometri- 
cally, the factor a(i, j, k, m) represents the overlapping area of a projection ray 
(k,m) with a pixel (i,j) (see figure 1) 

H/2 

g{k,m) = E p{k + n,m) ■ h{n) 0<k<K,0<m<M (7) 

n=-H/2 

K-l M-l 

Khj)=^^a{i,j,k,m)-g{k,m) 0 < < iV (8) 

fc =0 m =0 

The equations are implemented in the following nested loop program. 

for ( k = 0; k < K; k-|--|- ) 
for ( m = 0; m < M; m-|--|- ) 

for ( n = -H_2; n <= H_2 ; n+-f) 
g[k,m] = g[k,m] -|- p [ k-l-n ,m] * h [ n ] ; 
for ( i = 0; i < N; i-|— I- ) 
for ( j = 0; j < N; j-f-f ) 
for ( k = 0; k < K; k-f-f ) 
for ( m = 0; m < M; m-|--|- ) 

b[ij] = b[i,j] -I- a[i , j ,k,m]*g[k,m]; 

Prog. 1. Nested loop program for FBP 



3.3 Algebraic Reconstruction Techniques 

Algebraic reconstruction techniques (ART) for CT have been introduced by Gor- 
don in [6]. These methods are characterized by an iterative calculation of the 
slice image intensities b(i,j). For each iteration step s a mapping of the slice 
image, called the forward projection /(fc,m), is determined according to equa- 
tion 9. From a comparison to the measured projection p(k, m) a correction term 
for updating the slice image is derived. There exist several modifications of ART 
differing from the updating procedure . The relationships for the simple additive 
ART are given with equation 10. The value r{k,m) describes the number of 
pixels contributing to f{k,m). 
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N-l N-1 

EE a{i,j,k,m)-b{i,jY'''> 0<k<K,0<m<M (9) 

i~0 j—0 

= m.x[0, (.(«■)'•' + 

r[k, m) 

a{i, j,k,m) > 0,0 < i,j < N,0 < k < K,0 < m < M (10) 



A computer implementation of the additive ART is given with the following 
nested loop program. 



for ( s =0; s < S; s++){ 
for ( m = 0; m < M; m++){ 
for { k = 0; k < K; k++){ 
for ( j = 0; j < N; j++ ) 

for ( i = 0; i < N; i++ ) 

f[k,m] = f[k,m] + a [ i , j , k ,m] * b [ i , j ] ; 
c[k,m] = (p[k,m] - f [ k ,m] ) / r [ k ,m] ; 
for ( i = 0; i < N; i++ ) 

for ( j = 0; j < N; j++ ) 

if( b[i,j] + c[k,m] > 0 ){ 

if ( a[ i , j ,k,m]! = 0 ) b[i,j] = b[i,j] + c[k,m]; 
else b[i , j ] = 0; } }}} 

Prog. 2. Nested loop program for (additive) ART 



4 Array Design for Reconstruction Algorithms 

4.1 Generation of the Single Assignment Code 

According to the design flow of DESA which exploits Lamport’s hyperplane 
method [13] both algorithms have to be described by an SAC. As shown in 
the following, the original dimensions of both algorithms can easily be reduced 
so that they are embedded in a common three-dimensional index space I = 
{^k m n)"’" ,0 < k < K,0 < m < M,—H/2 < n < 27V^ . 

FBP: 

Since the variables i and j addressing the pixels in the reconstructed slice image 
generally occur as a tuple they can be concentrated in a single variable n. Hence 
the output image matrix becomes a ID data stream of length N'^. Furthermore 
this variable can be concentrated with the variable n of the convolution kernel, 
Anally the two initial nested loops are concatenated as shown in program 3. 
ART: 

The variables i and j are concentrated in one variable n again. Since the compu- 
tation of the forward projection /(fc, m) has to be finished before the updating 
of the image matrix can start the loops are concatenated so that the variable n 
runs from 0 to 2A^. The iteration index s describes the step in the iteration. If 
we assume that a resulting processor array can be used with small modifications 




134 



T. Schmitt et al. 



in all iteration steps only one step s (s = 0) is considered and the iteration index 
can be eliminated. The modified program is shown in program 4. 



for ( k = 0; k < K; k + + ){ 
for ( m = 0; m < M; m++ ){ 

for ( n = -H_2 ; n < N * N + H_2 ; n++){ 
if ( n <= H_2 ) 

if (( k + n >= 0 )&&( k + n < N)) 
g[k,m] = g[k,m] + p [ k+n ,m] * h [ n ] ; 
if ( n > H_2 ) 

b[n— H_2] = b[n] + a [ k ,m, n— H_2 ] * g [ k ,m] ; }}} 
Prog. 3. Modified C program for FBP 



for ( k = 0; k < K; k++){ 
for ( m = 0; m < M; m++ ){ 

for (n = 0;n<2*N*N; n++ ){ 
if ((n < N * N)) 

f[k,m] = f[k,m] + a [ k ,m, n] * b _in [ n ] ; 
if ( n >= N * N ) 
if ( a [ k ,m, n] > 0) 

b_out [n— N*N] = b_in[n] + (p[k,m] — f [ k ,m] ) / r [ k ,m] ) ; }}} 
Prog. 4. Modified program for (additive) ART 

The required single assignment code (SAC) can be directly derived from the 
nested loop programs 3 and 4. In contrast to nested loop programs, the iteration 
sequence of the SAC is not fixed but only limited by data dependencies. For the 
SAC conversion a reindexing and renaming of some variables of the nested loop 
programs is required. To observe the successive updates of the variable b in the 
FBP algorithm the new variables bbi and are introduced. 

Analogous the variables bfi and 6/2 have to be introduced in the ART code. 
The output variable bfout is used as input in the next iteration cycle. Note 
that the calculation of max[0,bin[n] + {p[k,m] — f[k,m])/r[k,m])] according to 
equation 10 is performed outside of the processor array. The SAC with the 
recurrence equations of both algorithms is shown in program 5. 

The SAC can be represented in a more comprehensive way by a dependence 
graph (DC) (see figure 2). 

For reasons of clarity we show one separate DC for each algorithm. It should 
be noted that the DC for the ART algorithm was slanted by —H/2 as well as 
the DC of the FBP algorithm to obtain identical scheduling functions. 

As it can be seen both DCs show a very similar shape. They essentially 
differ from the limits of the n direction and from the operations which have to 
be evaluated. Note, that only the dependent variables are indicated. The FBP 
algorithm is started with the convolution in plane fc + n = 0, the convolution is 
finished in plane k + n = H/2, subsequently the back projection starts. 
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g(k, m, n) = p{k + n, m) * h{n) V(fc m a k+n=o 

g(k, m, n) — g(k, m, n — 1) + p(fc + n, m) * h{n) V(fe m ™)^ei a l<k+n<^- 

g(k, m, n) = g(k, m,n — 1) V(fc m n)'^ei a ^+i<fc+n<^+Af^ 

bbi{k, m, n) = g{k, m, n) * a{k, m,n + k — ^) V(fc m a m=o a ^+i<fc+n<^+jv^ 

bbi{k, m,n) = bbi (k,m — l,n) + g{k,m,n) * a{k,m,n + k — &) 

V(fc m n)'^el A l<m<M-l A ^ + 1 <fc + n< ^ + Af ^ 
51)2 (fc, m,n) = bbi (k,m,n) V(fc m n)'^ei a k=K-i a m=M-i a s+i<fc+„< u_,_jy 2 

bb 2 {k, m, n) = bb 2 (k + 1, m, n — 1) + bbi{k, m, n) 

\/(k m n)'^el A 0<k<K-2 A m=M-l A S +1 < fc+n< S +JV^ 
bbout(n) = b& 2 (fc, m, n) V(fc m n)'^el a fc = 0 a m=M-l a S + l<fc + n<-S+Af^ 

/(fc, m, n) = a(fc, m, n) * bfin{n) V(fc m n)'^ei a fc+n=o 

/(fc, m, n) = /(fc, m, n — 1) + a(fc, m, n) * bfi„{n) V(fc m n)^ei a i<fc+™<iv2 

/(fc, m, n) = /(fc, m,n — 1) V(fc m n)'^ex a iv^+i<fc+n< 2 *iv^ 

bfi{k, m, n) = sign(a(k, m, n)) * (p(fc, m) — /(fc, m, n))/r{k, m) 

V(A: m n)^GX A m—0 A iV^ + 1< fc + n<2*iV^ 

6/i(fc, m, n) = bfi{k, m — l,n) + sign{a{k, m, n)) * (p(fc, m) — f{k, m, n))/r{k, m) 

V(fc m n)^eX A l<m<M-l A JV^ + 1 <fc + n<2* JV^ 
bf 2 {k, m, n) = bfl{k, m, n) V(fc m n)^gl a k^K-l a m=M-l a JV^ + l<fc+n<2*JV^ 

bf 2 (k, m, n) = bf 2 {k + l,m,n — 1) + bfi{k, m, n) 

V(fc m n)'^GI A 0<k<K-2 A m=M-l A < fc_|_„<2* 

bfout{n) = bfi„{n) + bf 2 {k + l,m, n - 1) + bfi{k,m, n) 

V(fe m n)'^ A fc— 0 A m — M — 1 A Af ^ +1 <fc+n<2* Af ^ 

Prog. 5. Combination of the algorithms in a common single assignment code 



Analogous the ART algorithm starts with the calculation of the forward 
projections which are available in plane k + n = N'^, then the determination of 
the correction term and the updating of b is performed. Finally, the b values are 
successively available in the index points (0, M — 1, n). 



4.2 Determination of Allocation Functions 

The common SAC of both algorithms is the starting point of the automatic 
design process with DESA. The embedding in one dependence graph ensures 
that allocation and scheduling valid for both algorithms can be determined. 

In the first step possible affine uniform allocations due to equation 4 are 
calculated. In table 1 several allocations described by the projection vector u 
and the appropriate number of processors are given. 

Obviously, the allocation in direction u = (O 0 l) should be chosen, thus a 
two-dimensional processor array with the minimum number of K * M processors 
adapted to both algorithms arises. Each other allocation leads to processor arrays 
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Fig. 2. Dependence graphs a) for FBP and b) for ART 
Table 1. Processor allocation using different projection vectors 



Projection vector 


Number of processors 


ui = (0 0 1)'^ 
U2 = (1 0 -1)^ 
U3 = (0 1 0)"^ 
U4 = (0 1 1)^ 


K*M 

{2N^ + 1)*M 
{2N^ + 1)*K 
{2N^ + K-1)*K 



with a higher number of processors only matching the requirements of the ART 
algorithm which means that a number of processors will not be used if the 
FBP algorithm runs on the array. Furthermore the chosen allocation has the 
advantage that the size of the processor array is only specified by the size of the 
acquisition system {K detectors, M acquisition angles ), it does not depend on 
the size of the slice image which has to be calculated. 

In figure 3 the structure of the arising processor array is given. The enlarged 
areas show one single processor with FBP and ART functionality. As it can 
be seen several modules can be used by both FBP and ART. Note that the 
boundary processors have slightly different functionalities. 
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Fig. 3. Processor array with FBP functionality (top) and ART functionality (right) 



4.3 Determination of Optimum Scheduling and Hardware 
Components 

For the given allocation using the projection vector Ui the optimization of the 
scheduling function and the selection of the hardware components for the pro- 
cessor functions according to section 3 is performed. Table 2 gives an overview 



Table 2. Hardware components: parameters and selection 



Module 


Function (o) (o = d) 


a 


mO 


mac(3),add(l),sub(l),div(10) 


8 


ml 


div(6) 


12 


m2 


mac(l) 


10 


m3 


add(l),sub(l) 


3 



Modules 


cp 


Cp ■ Lart 


Cp ■ LpBP 


m0,ml 


25 


61660 


38060 


ml, m2, m3 


20 


77025 


13600 


2*m0 


16 


82128 


17408 
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on available modules with their functions and parameters (normalized values) 
and shows the results of the hardware components selection. 

The module selection was optimized for both algorithms separately. Although 
the optimum module selections are different for the two algorithms the selection 
mO,ml should be preferred since the ART algorithm is more expensive caused 
by its iterative application. 

5 Parallel Program Design for Reconstruction Algorithms 

In the previous sections methods for the design of parallel hardware were presen- 
ted. This section contains the application of analogous methods for the design 
of parallel software for a system of digital signal processors (DSPs). 

The architecture of the used DSP system consists of a host and up to 16 DSPs 
of the types TMS320C40 and TMS320C44 [23,26]. The host computer includes 




Fig. 4. Used topology of the DSP system 

a SPARC 5 processor, the mass storage and 1/ 0-facilities. Each DSP of the sy- 
stem contains an on-chip memory of 2 x 4 kByte and an external SRAM of at 
least 2 X 512 kByte. For the bidirectional communication with other processors, 
a TMS320C40 has 6 and a TMS320C44 has 4 communication ports (comports). 
The use of flexible cables for the communication channels allows variable topo- 
logies. Figure 4 shows the configuration used for the examples below. 

The starting point for the parallel program design is also the single assign- 
ment code (see section 4.1). By applying a processor allocation and a scheduling 
function to each index point, a processing element and a processing time is 
assigned [16,19]. The result is a problem size dependent processor array. The ad- 
aptation of such a processor array to the number of available processors (in that 
case: DSPs) is realized by partitioning methods [3,22]. The partitioned processor 
array is interpreted as a parallel program for the given processor system. 

This design process is illustrated exemplarily with two recurrence equations 

g{k, m, n) = g{k, m,n — 1) + p{k -I- n, m) * h{n) V(fc m n)'^ei a i<k+n<!f 

bb\{k, TO, n) = bbi{k, m — l,n) + g{k, to, n) * a(fc, to, n) 

V(fc m n)^eX A l<m<M A ^^<k+n<^^+N^ 
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of the FBP reconstruction algorithm. The transformation with scheduling vector 
T = (O 1 l) and projection vector it = (O 0 l) leads to the equations: 

g{t,pl,p2) = g{t - l,pl,p2) + p{t + pl,p2) * h{t) V(t pi p 2 )^Gi a i<t+pi<f 
bbi{t,pl,p2) = bbi{t,pl,p2 - 1) + g{t,pl,p2) * a{t,pl,p2) 

V(t pi p2)'^Gl A l<p2<M A S<i+pl<-f +AT^ 

in the transformed domain I = {{t pi p2) ^ |0<pl<AT A 0<p2< 
M A 0<t + pl< 2N'^ + K}. The size of the problem size dependent processor 
array is pi x p2 = A' x M. By partitioning, this processor array is adapted to 
the number of M = 16 available DSPs. All operations of the processors pi are 
scheduled sequentially on a processor p2 by introducing the time tl = pi. 

g{t, tl,p2) = g{t — 1, tl,p2) + p{t + tl,p2) * h{t) V(t ti p 2 )^gi a i<t+ti<s 

tl,p2) = bbi{t, tl,p2 — 1) + g{t, tl,p2) * a(t, tl,p2) 

V(t tl p2)^Gl A l<p2<M A f<t+tl<S-+N^ 

The resulting topology is a one dimensional line of 16 DSPs. 

The recurrence equations above can be interpreted as follows as a part of the 
parallel program for the DSP p2 presented in the language C: 

for ( t = -H_2 ; t <= H_2; ++t ) 
for ( tl = 0; tl < K; + + tl ) 

if ( t+tl >= 1 && t+tl <= H_2 ) 

g[t][tl] = g[t-l][tl] + p[t+tl] * h[t+H_2]; 

for ( t = -H_2 ; t <= H_2 + N * N; + + t ) 

for ( tl = 0; tl < K; + + tl ) 

if ( t+tl > H_2 && t+tl <= H_2 + N * N ){ 

bb_l[t][tl] = comport _read ( InChannel) + g [ t ][ 1 1 ]* a [ t ][ 1 1 ] ; 
comport .write ( OutChannel , bb_l [ t ] [ 1 1 ] ) ; } 

The transfer of the variables bbi{t,tl,p2 — 1) of the DSP p2 — 1 to the DSP 
p2 is realized by the function comport j:ead( InChannel ), where InChannel de- 
termines the number of the comport to the DSP p2 — 1. The transport of the 

variables bbi{t,tl,p2) to the next DSP p2 + 1 is performed by the function 

comport -write ( OutChannel, bb_l[t][tl] ). 

Finally, the collection of all program parts obtained by all recurrence equa- 
tions results in a parallel program, which still fulfills the single assignment con- 
dition. 

The time for the loading of the projection data to the DSPs, the computation 
time and the time for transferring the image data to the host are measured for 
different implementations of the FBP algorithm (see table 3). 

Our parallelization strategy leads to parallel single assignment programs, which 
can be optimized “by hand” to get better results. The speedup for this method 
of 15.8 is calculated by comparing the parallel (tpar) with the one DSP single 
assignment implementation (tging)- A more practical speedup of 4.9 is given by 
the ratio of the overall sequential tggq and parallel computation time tpar- 
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Table 3. Implementation results of the FBP algorithm 



Action 


Host 

ihost in /J-S 


1 DSP 

sequential 

tseq in pS 


1 DSP 

single assign. 

tsing m pS 


16 DSPs 

ipar in fXS 


Speedup 

1 

^sing 


Speedup 

2 

^ ihost 
^var ^var 


Load 


- 


30 


31 


34 






Computation 


40566 


41153 


133344 


7955 






Store 


- 


153 


154 


153 






Overall 


40566 


41800 


134124 


8464 


15.8 


4.9 



6 Conclusion 

Tomographic reconstruction algorithms are suitable for a parallelization in hard- 
ware or software. Using the tools of the design system DESA we derived a com- 
mon processor array for two different reconstruction algorithms. It is intended 
to implement this processor array in silicon. 

The used design methods are also applicable to the generation of parallel 
software for multiprocessor systems. Currently, the work is continued with the 
treatment of larger image matrices and the inclusion of new partitioning me- 
thods [3]. 
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Abstract. The paper presents an approach to formalize a continuous-time 
system description and a suitable approach to elaborating intelligent computer 
aided design system. Corresponding principles and a structure scheme are 
proposed to implement the approach. The approach enables one to use both 
design rules and design algorithms by an effective manner in dependence on 
task requirements. The organization of calculations is considered under 
modeling continuous-time systems on the basis of using flexible simulating 
complex. Also, an application of the flexible simulating complex to design a 
universal model of a nuclear power plant is considered. 



1 Introduction 

Recent time researches are characterized by increasing interest to use of hierarchical 
and through design technique within design of complex continuos-time control 
systems. In turn, solving such a problem is faced with a need of a unified description 
of the model components under automatic design a complex model at any hierarchical 
level. Lack of a unified model description considerably influences on task description 
language and makes designers to use the apparatus of formal parameters as well as 
complicates generation of the model program code [1]. The present paper considers an 
approach to formalize a continuous-time system description. 



2 Basic Description 

Let us consider a complex system S , which consists of elements 5, , i = l,N , e.g. 
fig.l. Each of the elements 5, is described by the equations of the form: 

Xi=fi{xi,Ui,t)\ 
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1 




Fig. 1. Complex system S 

with Xj being the state variable vector, m, , input variable vector, , output variable 
vector. In turn, and (p, are some nonlinear vector-valued functions. 

Aggregation of the elements 5, into the system S is given by a one-to-one 
conjugation operator: 

kf=4‘»r) ® 

which handles link of input variable of the / -th subsystem with output variable of the 
i -th subsystem. In (2), [j,y ] is a subset of the output set of the system elements, 

N N 

(Jy, , and ] is a subset of the input set of the system, (Jm/ ■ Elements of the 

1=1 ;=i 

sets [py] and are referred as common, or input/output, variables. 

3 System Formalization 

For the system S , the aggregated vector x^(t)= (xj(t),X 2 (t),...,x^(t)), is the model S 
state at the time moment t. Here x, (t) is the state vector of the functional element 5, 
at time moment t, i = \,N . Again, the system S may be described by the 
input/output/state equations (3) and by the link equation [j,y J* - ) 
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•^2 =fl{^l,U2,t) 
yi=02{x2,U2,t) >. 



(3) 



- f n{^N N 

9n - 0n{^N’^N’^) 



Under aggregation of the elements S , into the system S , the set of the 

where 







( N \ 


input/output variables will be denoted as Q ' , i.e. Q' = 


p 











Uj =\ujj\, {j = are sets of the system 5, input variables, and 

El = IEii}; {k = \-,—,n) . Then, the input variables of the system S will include only 
those input variables of the functional elements 5, which are not the input/output 

^ N \ 



variables, i.e. Mc = 






\Q'- 



N 

For the total model, all the elements of the set (Jy, are the input variables. 

i=l 

Consideration of complex systems leads to gathering of excessive information. So, 
instead of total models, macromodels are frequently used. Then, the input variables of 

N 

the system are elements of a subset meeting the condition y^ 

i=l 

Each element 5, may be characterized by a set of parameters, which describe some 
characteristics of the element, and functions, which are the coefficients in equations 
(1). Due to the system S is described by equations (3), the system S parameter set is 
the union of parameter sets of the system S components. In general, the system S may 
involve both stationary and non- stationary elements. So, the system parameter set will 
involve both constant and time-varying parameters. Let the set of constant parameters 
of the i -th element be denoted as Pj , and the set of time-varying parameters as Q" . 

N N 

Then, the following relationships hold 7^ , Q" ■ H®re P^ stands for 

;=1 ;=1 

the set of the system S constant parameters, Q" , for the time-varying parameters. 

Frequently, especially when describing complex system models, equations (3) are 
useful to be rewritten in the form 



i=/(x,M,e^t), 



(4) 
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^x,u,Q”,] , 


(5) 


II 


(6) 



where Q” is the vector of intermediate variables. Introducing into consideration the 
set Q” is motivated by the following reasons. For a number of cases, the used 
component of equations (4) and (5) is comfortable to calculate in advance (equation 
(6)), with, in sequel, the calculation result to be used in equations (4) and (5). The set 
Q” may be formed also when involving equations of correction of state variables or 
derivatives of the state variables. Under state variable correction, when integrating 
vector X , the vector of state variables without errors, , is formed. After improving 
the vector x^ in accordance with equations of correction, the vector of corrected state 
variables, x, is formed. For the case, elements of the set {x^} also may be 
considered as intermediate state variables. 

The set of intermediate variables corresponding to the correction of vector of state 
variable derivatives is formed in the same manner. Within this, the intermediate 
variables are those of calculated in accordance with equation (4), with the corrected 
variables forming the vector of state variable derivatives. 

Let us introduce the set Q to be referred as the set of internal variables as follows: 
Q = , i.e. the set unites input/output variables, time-varying parameters 

and intermediate variables. Then, any continuos-time system described by equations 
(1) may be characterized by the following sets: X, D, U, Y,Q,P , where X is the set 
of state variables, D is the set of state variable derivatives, U is the set of inputs, Y 
is the set of outputs, Q is the set of internal variables, and P is the set of parameters. 
The complete continuos-time system description is also required a set of equations R . 
Then, the continuos-time system model will be described by the following manner: 

M,={X,D,U,Y,Q,P,R). (7) 

Benefit of such a representation is motivated by the reason that it enables one to 
describe uniformly complex systems as well as theirs components. Also, the complex 
model description design process based on the model components may be 
implemented in completely automatic manner. 

Consider aggregating the elements 5, , i = l,N into the system S . A model w,- of 
each 5, is described by the equation 



n,={X„D,,U„Y„Q„P„R,). 



( 8 ) 



The system S model may be described by the equation of type (7), and in 
accordance with above consideration the following relationships between the sets 
X, D, U, Y, Q, P, R and X, , Z), , C/,, Y ^ , g, , P , , Z?, hold 
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N N N N 

x = [jx„-, d = Ua; ^ = ^ = U^’ 

/=1 1=1 1=1 /=1 



( N ^ 




( N A 


/ 


N \ 


u = 


U“- 


\ 


U“. 


n 


[jyi 








1'-' t 


V 




f N ) 




f N '' 


\ f N V 


Q = 


Ua 


n 


U“. 


n 




V 






t'-' , 




v'=' 



N 

/ = 1 



( 9 ) 

( 10 ) 
( 11 ) 



( 12 ) 



Involving common variables into the set Q enables one to eliminate the equations 

of linking. Thus, using expression (8) to describe each element models and 
relationships (9)-(12) permits to design a description of complex system model (7), 
with the formalized description of a functional element model being designed in 
automatic manner by use the element equations. 



4 An Approach to Elaborating Intelligent Computer Aided 
Continuous Time System Design 

At present, the following two methodologies of computer aided design may be noted. 
The first one is based on representation of a designer knowledge as a set of rules, with 
the rules being used by expert systems. Within the second methodology, knowledge 
may be represented as design algorithms. The present paper considers a suitable 
approach to elaborating an intelligent computer aided design system, which combines 
both the above methodologies. Corresponding principles and a structure scheme are 
proposed (fig. 2) to implement the approach. The approach enables one to use both 
design rules and design algorithms by an effective manner in dependence on task 
requirements [2]. 

When elaborating an intelligent computer aided design system, the following 
principles are proposed to be involved: 

- providing a correct transformation of general system description into a structure 
scheme; 

- parallel design of processing part and control part of the structure scheme of the 
elaborated system, what enables one global improving of the total structure; 

- design process organization by a manner which provides the solution obtained at 
each step to reduce the design space with simultaneous possibility of investigating 
alternative variants at next steps, what enables one to implement problem oriented 
solution search in the design space; 
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Fig. 2. Structure of an intelligent computer aided design system 

- representing knowledge both as rules and algorithms, what enables one to increase 
effectiveness of the design structure of the elaborated system; 

- using hierarchical structure of the computer aided design system and module nature 
of components of the system; 

- providing the computer aided design system software to be extendable and easy to 
update. 

The system software has the following two-level organization: 

- the upper level is the model architecture compilation subsystem; 

- the lower level corresponds to specialized subsystems. 

The model architecture compilation subsystem has the following functions: 

- analysis of the initial description and decomposition of the elaborated system onto 
separate functionally completed subsystems, selecting isochronous areas; 

- selecting the time scheme; 

- modeling the structure elaborated, analysis of the results obtained and decision 
making. 

Basic functions of the specialized subsystems involve: 

- analysis of the initial description and decomposition of the subsystem onto separate 
functionally completed subsystems, selecting isochronous areas; 

- selecting time scheme; 

- forming structural description of the functional subsystem; 

- modeling the structure elaborated, analysis of the results obtained and decision 
making. 

Each subsystem has an access to the corresponding data base which contain basic 
structures of the functional elements and subsystems. Besides that, an upper level 
subsystem has an access to databases of the specialized subsystems. 

The all subsystems have access to the corresponding knowledge bases which 
contain design rules and design algorithms. Comprehensive modeling of the functional 
subsystems and the total system is implemented by the total modeling subsystem. 
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5 Specialized Data Base of Software for Mathematical Modeling 
Continuous Time Systems 

Using specialized databases (SDB) of software for mathematical modeling continuous 
time systems enables one to simplify modeling task description language, to 
implement semantic analysis of a task, to introduce supplements into the task 
automatically. A SDB contains information about plants subject to investigation as 
well as about applied program codes, which are used under modeling. Also, a SDB 
has a user interface. 

A database elaborating is concerned with constructing a conceptual description of 
enterprise, deriving database scheme, and its software realization. The conceptual 
description is used for abstract enterprise representation. This enables one to reflect 
corresponding enterprise features, objects and theirs properties, which are of the most 
importance, from a user point of view, as well as connections between the objects, 
which will be described in the SDB. 

The following two types of objects may be noted to provide the process of 
modeling complex continuous time systems. These are information on models of the 
investigated systems and information on tools supporting the modeling process, i.e. 
the applied software. 

A class of the investigated objects forms a hierarchical structure having additional 
connections and, in general, may be represented as a network whose vertexes are 
systems and elements of the class S, with the elements are the terminal vertexes. Arcs 
of the networks represent the connections between the objects. The class of the 
modeled objects will be characterized by notions corresponding to really existing 
elements and systems, which are interconnected by relationships of the form “the part” 
and “the whole”. A graph obtained by the manner will be referred as the graph of 
notions. Terminal vertexes of such a graph are the notions characterizing the 
functional elements, which are not disjointed in sequel under consideration of the 
systems of the given class. 

The all vertexes of the graph are separated onto subgroups, of the form “element” 
and “system”. The first subgroup involves notions characterizing the functional 
elements of the null level of hierarchy. The second subgroup involves notions 
describing the functional elements at the others levels of hierarchy. 

Each vertex of the graph will be characterized by a list of attributes and theirs 
values. Since in the graph of notions the all attributes of objects relating to elements 
are inherited by objects relating to systems, what is achieved by introducing 
relationship “part-whole’, the lists of attributes for elements and systems will be 
partially different ones. If elements are characterized by variables and operators then 
systems are characterized, in the first turn, by the list of elements involved into the 
systems. 

Another important part of the conceptual description of the mathematical modeling 
process is the information on software tools used under modeling. Within the problem 
of mathematical modeling of continuos time systems, the following types of applied 
programs may be noted: calculating input actions, integration, processing intermediate 
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results, forming delivery documents, delivering documents in accordance with results 
of investigations, processing results of modeling. 

Each type of the applied programs may be described, in general, by attributes 
which are appropriate for all programs of the class, with each program being 
characterized by proper attributes and theirs values. 

In accordance with the conceptual description, in the SDB, two parts are 
accentuated. The parts are oriented on storing information on investigated subjects 
and conditions of modeling. 

Model of data used within the SDB has some advantages in comparison to such 
known models as the hierarchical one, network one, relational one. In contrast to the 
hierarchical model, the proposed model enables one to operate without preliminary 
fixing of the structure embedding level; enables one to realize references of an object 
onto itself, what is not allowed within the network model; has a control system which 
is more effective in time than that of relational model. The scheme of database is 
presented at fig. 3 and 4. 

Fig. 3 demonstrates a part of the SDB used to represent investigated objects of 
some class. In the scheme, the following objects are accentuated: ELEMENT, 
OPERATOR, VARIABLE, SYSTEM, SYSTEM-INPUTS, SYSTEM-OUTPUTS, 
CONNECTIONS. Each objects is characterized by certain proper attributes. Object 
ELEMENT has the following attributes: ELEMENT -NAME, PRM-NAME indicating 
a connection with corresponding program code which realizes the model. Object 
OPERATOR is characterized by attributes NUMBER, APPLICATION- VECTOR, 
OUTPUT-VECTOR. Object VARIABLE has the following attributes: IDENTIFIER, 
ARRAY, INDEX, TITLE, DIMENSION-UNIT, DEFAULT-VALUE. Each element 
may have more than one OPERATOR’S and more than one VARIABLE’S. Objects 
SYSTEM is characterized by attributes SYSTEM-NAME, PRM-NAME. Objects 
SYSTEM-INPUTS and SYSTEM-OUTPUT are characterized by attributes OLD- 
NAME, NEW-NAME. OLD-NAME of the input or output is written to designate 
inputs and outputs of the functional elements at lower hierarchy levels. NEW-NAME 
determines the inputs and outputs of the investigated system. For a number of cases, 
the new and old names may coincide. To assign object CONNECTION one should to 
assign INPUT-NANE and OUTPUT-NAME which determine both input and output 
identifiers and identifiers of the corresponding functional elements. Each system may 
have several SYSTEM-INPUT’s, SYSTEM-OUTPUT’s, and CONNECTION’S, may 
consist both of ELEMENT’S and SYSTEM’S. 

Another part of the SDB describes modeling process support tools, i.e. applied 
programs. The following objects are accentuated: APPLIED-PROGRAM, 

INTEGRATION-METHOD, RESULT-PROCESSING-PROGRAM, DOCUMENT- 
FORMING-PROGRAM, DOCUMENT-DELIVERY-PROGRAM, PAPAMETER. In 
turn, each object is characterized by a set of proper attributes. Corresponding scheme 
of the SDP part considered is presented at fig. 4. 
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Fig. 3. A part of the SDB scheme used for presentation of investigated subjects of some class 
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6 Computation Organization for Modeling Continuous Time 
Systems 

Within the approach presented, modeling continuous time system process is 
implemented by dialogue program complex which is based on the following main 
principles: 
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- separate description of model and modeling conditions; 

- separate description of structure and model parameters; 

- implementation of computing input actions, computing derivatives, integration, and 

result delivery within separate specific program modules; 

- dynamic loading of models; 

- use of interpreting approach to call the above modules. 

Consider the organization scheme in details. Modeling task written in a special 
problem-oriented language is transformed into a set of tables containing information 
on the model, input actions, intermediate and final modeling results. Based on the 
information, corresponding computation scheme is composed, in which names of 
called programs are written. 

Under modeling, corresponding control is implemented by use a modeling monitor 
which is partitioned onto four regions. These are: initialization, dynamics, changing, 
and termination. The region of initialization serves to load programs, to set, in a 
dialogue mode, initial conditions, model parameters and modeling conditions. The 
dialogue is initiated by computer. The user is provided to look through default 
parameter values and change those of them which will not be found suitable. Such an 
approach considerably simplify entering data and theirs modification in sequel. 

The region of dynamics is used for cyclic call of programs of computing input 
actions, right-hand-side parts of dynamic equations, delivering intermediate results, 
integration. Call of programs is based on interpretation procedure in accordance with 
accepted scheme of computations. Using such a computation scheme provides user 
interference into the computation process. Under a request on interruption, modeling 
is terminated, and control is transferred to the region of changes. In the region, in a 
dialogue mode, it is found out which concrete changes are to be involved into the 
program, and corresponding actions are made. To assign another input actions or 
another method of integration it is sufficient to insert corresponding changes into the 
control tables and load new programs instead of those used before. To change model 
parameters or input action parameters it is sufficient to change parameters of the 
corresponding programs. At the same time, modification of the model structure 
requires new forming program of computation of right-hand-side parts of dynamic 
equations. 

The region of termination serves for final processing of modeling results. 

The approach described provides comparatively fast modeling program 
modification, preserving simultaneously its high efficiency. 



7 Flexible Simulating Complex for Design Problems 

Conventionally, a design process, concerned with both large scale models and 
industrial plants, requires large expenditures of design time and a number of other 
resources. In contrast, a computer modeling which uses a flexible simulating complex 
(FSC) is an effective alternative way, in costs and various engineering decision 
making criteria, of solving the problem [3]. The entity of such a flexible modeling is 
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multiple using various program modules as unified and standard components of 
different complexes of programs. 

Within the flexible modeling approach, a universal model of a nuclear power plant 
(NPP) unit has been elaborated. Since there exist no absolutely equal NPP units, there 
exist a need to elaborate a FSC which could be tuned in operative mode to any 
existing or designed NPP unit, and which could also be tuned to any change in the 
NPP unit equipment or in the NPP unit control system. Thus elaborated, the FSC 
involves models having different complexity and detailed elaboration, what enables 
one to implement prediction computations for NPP unit industrial processes without 
essential loss of accuracy. A structure scheme of the FSC performance corresponding 
to a NPP unit parameter modeling is presented at fig. 5. 
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model 




model 
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MODEL 
SELECTION 
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Fig. 5. A stmcture scheme of FSC performance corresponding to a NPP unit parameter 
modeling 

The FSC elaborated is built by use of module principle. Within it, the all industrial 
equipment is partitioned onto groups, with each group being described by a separate 
functional module (block). Most of these functional modules have several variants of 
computer realization. These variants differ one to another in details and completeness 
of description of corresponding parts of equipment and technological processes, and, 
consequently, computational characteristics (CPU time, on-line storage, etc.). 

Design and modeling tools composed within the FMC have the functional structure 
presented at fig. 6. 
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Fig. 6. Scheme of functional module of the NPP FSC 
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1 Introduction 

Arthur Koestler (1967, 1969, 1978) introduced into science the concepts of a 
“holon” and of a ’’holarchy”. A holarchy is according to A. Koestler a tree-like 
hierarchy where the nodes of the tree - the components of the hierarchy - are 
autonomous intelligent acting I/O systems. 

Koestler calls such components “holons”. Holarchies provide according to 
Koestler the appropriate conceptual framework for modeling and simulation of self 
organizing open hierarchical systems as they can be found in biology, medicine, 
sociology and management science. Especially he was interested to use holarchies 
for modeling the function of the human brain. In the past years artificial intelligence 
developed the topic of agent systems. Agents are intelligent acting systems which 
are able to perform certain tasks in an autonomous way. For the user agents are 
usually invisible. In case that agents are information processing systems their 
realization can be done in software (software agents). The elaboration of agent 
methodology led to the concept of a “multi-agent”, a network of cooperating agents 
(e.g. J. Ferber 1999). Agents have a conceptual similarity to the holons of A. 
Koestler. It seems to be natural to try to make use of the available agent technology 
to construct a network of systems which constitute a holarchy in the sense of A. 
Koestler. We call such system a Multi- Agent Holarchy. 

In this paper we try to make a first step towards such an investigation. Besides of 
the work of Koestler and the existing models for multi-agent systems we base our 
paper here on earlier work of this author (Pichler 1995, 1999). 



2 Holons and Holarchies 

A holon, according to Koestler is a model-component with a “Janus face” - one side 
looking “down” and acting as an autonomous system giving directions to “lower” 
components and the other side looking “up” and serving as a part of a “higher” 
holon. 

Holons, in the sense of Koestler, are essential in hierarchical systems with 
intelligent performance. They allow the modeling of complex phenomena in a non- 
reductionistic way. In a multi-strata hierarchy, in the sense of M. Mesarovic (1970) 
(a hierarchical ordered system where every level is a domain specific abstract 
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version of the overall complex real system under consideration) holons are the 
components for modeling parts of the system at different levels. They emerge in this 
case from the dependent holons in the model of the next lower level. 

In the case of multi- strata hierarchies the mathematical concept of structural 
“morphisms” - used to relate models of different levels onto each other - plays an 
important role. Using this concept there is a good chance that a rigorous 
mathematical approach to construct such models does exist and strong mathematical 
oriented means for their analysis will be available. 

A different situation is given by hierarchies which are multi-layer systems (in the 
sense of M. Mesarovic). These are hierarchies which model the overall system, 
where the components receive “orders” from components above and transmit 
“orders” to components on the next lower layer of the model. When Arthur Koestler 
introduced his concept of a “Selforganizing Open Hierarchical Order” (SOHO) he 
had a multi-layer hierarchy in mind with holons as the components. 

Holons in the sense of Koestler are important modeling means for components of 
any hierarchical model of a real system with complex behavior. 

Systems Theory, the scientific discipline which provides formal models for 
solving complex problems in science and engineering, has the task to elaborate the 
concept of holon and related holonic models and to provide methods and 
computerized tools for its application. 

In the following we will try to explain the approach of Arthur Koestler. 

First, we mention again the concept of the “Janus face” nature of a holon, which 
is emphasized by Koestler. This concept assures compactness of a SOHO structure 
with respect to the vertical coupling of its layers as well as the independence of 
holons (which are the components) at each layer. Immediately one is confronted 
here with the question, how the “Janus face” of holons laying in the most upper and 
the most lower layer of the “holarchy” is realized. We believe that such holons have 
to rely for their function in a great deal on “art”. The highest level upper holons 
need, for their role in giving guidance and orientation to the holons below, a 
reference systems - mostly available to them by intuition - on which to base their 
decisions. The “Janus face” of those holons, with respect to its looking “up”, can 
usually not be achieved by learning alone but needs a certain talent to build the 
proper reference system. 

On the other hand, holons which are situated on the lowest layer need for the 
“down” looking “Janus face” a skill comparable to handcraft, to realize and integrate 
the processes which define the lower boundary of the SOHO-structure. This skill 
can again be considered as a kind of art which can only be acquired by practical 
experience. From this point of view, the holons on the upper and lower boundaries 
in a SOHO-structure play an important role and deserve special attention. It is 
mainly their proper functioning which defines the quality of performance of a 
SOHO-structure. Although such considerations might be evaluated as being trivial, 
it might be interesting to the reader to construct his own example. In the 
organizational structure of a company, the people at the highest management level 
and the workers on the lowest level are in that sense critical holons, which realize 
the input/output processes on the interfaces of a SOHO-structure which is embedded 
in an environment consisting of the market. 
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Fig. 1. Communicating a reference system to the most upper holons of a holarchy (from a 
book by Robert Fludd) 



By our above arguments the holons of the layers between are classified as a type 
of administrative helpers. The realization of their “Janus face” does not need the 
kind of “art” or “skill” necessary for the holons on the upper and lower bounds of a 
holarchy (SOHO-structure). However, this should not make them less important. To 
avoid “bureaucracy” these holons have to perform their Janus faced function in an 
intelligent manner and have to possess a certain autonomy. Furthermore the holons 
on intermediate levels are strongly responsible for the selforganizing property of a 
SOHO-structure. Using constraints they detect the need for restructuring the 
hierarchical order, including the cancellation of holons and their depending parts or 
the addition of new holons in order to adapt to requirement changes and improve 
performance. Although flat hierarchies with a small number of intermediate levels 
are often desirable, the complexity which exists or is demanded of a real system 
very often requires a certain number of intermediate levels. 
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The choice of words which we use suggests to the reader the organizational 
structure of a country, a company, or a governmental administrative division as a 
valid example of a SOHO-structure. However, Koestler’s conceptual framework has 
a much wider domain of application, for example any living organism, a forest but 
also biological cells or a fully automated manufacturing system, are real systems to 
which this framework can be applied. 

Hierarchies are already models in a decomposed form. The different control- and 
communication channels between the holons constitute the coupling system of the 
decomposition. A hierarchy with holons as its components, a holarchy, constitutes 
generally a very desirable decomposition of the overall system. 

In the case of a “multi-strata holarchy” (in the sense of Mesarovic-Koestler) the 
overall model is decomposed into different levels, where each level models the real 
system in discussion from a certain domain-specific and abstract point of view. 
Within a domain-specific view of modeling, the model represented by a multi-strata 
hierarchy at a certain level is a refinement of the models of the levels above. Very 
often this refinement is realized by an accompanying decomposition, such that to a 
component of a level-model several components are assigned in the refined version 
of this component at the next lower level. In this case components of a certain level 
in a multi-strata model have a “Janus face” in the sense of Arthur Koestler. The 
question is, whether the necessary additional features of components of this kind can 
be found, such that they can be considered as holons. The answer can be positive if 
we assume, that the performance of the model has also a stratified structure such that 
every level-model has to meet certain performance criterion as determined for that 
level. Then “intelligent” behavior of the level components are required and self- 
organisation of some kind might be necessary to meet the performance 
requirements. 

Examples are given by “design hierarchies” as used in the design of 
microelectronic circuits or generally in the use of the methodology of systems 
engineering. Other examples are given by “evolution hierarchies” as represented by 
models of the evolution of living systems or also in some respect by the evolution of 
machines such as transportation devices (e.g., cars, railways, airplanes, ships) or 
machining tools (e.g., lathes, tool making machines, robots). 

Another type of decomposition of a model as discussed above is given by a multi- 
layer representation of the model. There the individual components are ordered 
hierarchically and depending on the level in the hierarchy they have to fulfill 
specific functions. Examples of typical applications of multi-layer hierarchies are 
given by organization charts of a company which determines the responsibility in 
decision making, supervision, and workload distribution. While for multi-strata 
decomposition of formal models many systemstheoretical methods do exist, not so 
many methods for multi-layer decomposition are known. Their existence depends 
very often on an evolutionary process over a rather longer period of time. As 
mentioned already in the introductory part, multi-layer hierarchies are however well 
suited as the framework of a holarchy. The performance of such a “multi-layer 
holarchy” depends strongly on the degree of autonomy of the individual holons. The 
extreme case, that the holons depend in their functioning completely on the leading 
holons of the most upper layer represents dictatorship with a central organization 
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enforcing bureaucracy. The other extreme case that the individual holons of a multi- 
layer holarchy are completely independent determines an uncoordinated system 
which most likely performs in a chaotic manner. To find a balance between these 
extreme cases is an important goal in the design of complex systems. However it 
seems, that a mathematical approach to support such a design is not currently 
available. This results in practice, for example, in permanently changing 
architectures of socio-economic systems depending on the political orientation of the 
decision makers. In the case that the upper holons of the holarchy emphasize the free 
market they trust that selforganization will eventually bring the system into the 
wanted balance. In many practical cases this might not happen during the envisaged 
time horizon and the goal is not reached. On the other hand a completely planned 
and controlled market has always the danger that certain holons or clusters of holons 
of the hierarchy will not function as planned and will not contribute towards the 
wanted balance. 

Arthur Koestler defines for the SOHO-structure explicitly what he means by the 
“Janus face property” of a holon. When looking “down”, a holon represents a quasi- 
autonomous whole (self-assertion tendency) such that the depending holons of the 
next level have for performing their main function no need in coupling their input- 
and output channels to other holons. 

On the other hand, looking “up”, a holon integrates its functions into a existing or 
developing whole (integration ability). 

In the case of living systems Koestler points out that in adult holons the self- 
assertion tendency is realized by the emphasis on rituals caused by instincts and by 
stereotypical thinking caused by past experience. The ability to integrate is 
supported by the creativity of a holon to adapt to new needs of the associated whole. 

According to the hierarchical functioning of a holarchy Koestler distinguishes 
between input-hierarchies and output-hierarchies. Input hierarchies in the sense of 
Koestler operate to achieve from the signals and states associated with holons on 
lower levels an abstraction or generalization represented by the signals and states of 
holons on upper levels. Input hierarchies have therefore the main function to 
compute the emergent properties in a holarchy. 

Output-hierarchies, on the other hand are defined by Koestler as holarchies which 
operate in the opposite direction of an input hierarchy. They take signals and states 
from holons of upper levels and transform them to specific concrete signals and 
states suitable for the proper operation in holons of the lower levels of a holarchy. 

Further properties which are introduced by Arthur Koestler to specify a SOHO- 
structure concern the degree of arborisation of a holarchy and the degree of 
reticulation of such a structure. Further he discusses the importance of regulation 
channels, which take care that in a holarchy signals are transmitted only one step at a 
time, up or down. The holons of a SOHO-structure have to be balanced between 
being “mechanized” and having a certain degree of “freedom”. Holons on higher 
levels have usually more freedom for their operation while holons at lower levels 
will usually have to follow more mechanized patterns in their operation. Another 
important property of a SOHO-structure concerns its degree of performance between 
dynamical equilibrium and complete disorder. Dynamical equilibrium is achieved if 
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the self assertion tendency and the integration tendency of the holons counterbalance 
each other. Disorder appears if those tendencies dominate each other. In this context 
it might be interesting to mention that Koestler states that the rules of a social holon 
are not reducible to the rules which conduct its members. 

The final statements in Koestler’ s definition of the properties of a SOHO- 
structure are devoted to regeneration. Critical challenges caused by the environment 
of a holarchy result in changes of rules for operating holons such that an adaption to 
new circumstances is realized by a reached new state of equilibrium. 



3 Agents and Multi-agent Systems 

In the definition of “agents“ and “multi agents" we follow directly J. Ferber (1999). 

An agent is a physical or virtual entity which 

(a) is capable of acting in an environment, 

(b) can communicate directly with other agents, 

(c) is driven by a set of tendencies (in the form of individual objectives or of a 
satisfaction/survival function which it tries to optimize), 

(d) possesses resources of its own, 

(e) is capable of perceiving its environment (but to a limited extent), 

(f) has only a partial representation of this environment (and perhaps non at all), 

(g) possesses skills and can offer services, 

(h) may be able to reproduce itself, 

(i) whose behavior tends towards satisfying its objectives, taking account of the 
resources and skills available to it and depending on its perception, its 
representations and the communications it receives. 

Having the properties (a) - (i) an agent can be considered as an “intelligent 

system”. An agent can also be considered as an I/O Systems serving an user as part 

of the environment. 

A multi-agent system (or MAS) is according to J. Ferber a system which is 

defined by the following elements: 

(1) An environment, E, that is, a space which generally has a volume. 

(2) A set of objects, O. These objects are situated, that is to say, it is possible at a 
given moment to associate any object with a position in E. Some objects are 
passive, that is, they can be perceived, created, destroyed and modified by 
active objects. 

(3) An assembly of agents A, which are specific objects (AcO), representing the 
active objects of the system. 

(4) An assembly of relations, R, which link objects (and thus agents) to each other. 

(5) An assembly of operations. Op, making it possible for the agents of A to 
perceive, produce, consume, transform and manipulate objects from O. 
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(6) Operators with the task of representing the application of these operations and 
the reaction of the world to this attempt at modification, which we shall call the 
laws of the universe. 

From a systems point of view a MAS can be viewed as an open system consisting 
of a network A of agents and a set of O objects on which they act. Both sets are 
coupled to the environment E which includes also the model of the user. In case that 
there are no objects in a MAS (0=0) the MAS is called a purely communicating 
multi-agent system (CMAS). 

In case that the set A of agents and the set O of objects of a MAS together with 
channels between them have a tree-like hierarchical order we are conceptually close 
to the definition of a holarchical system of A. Koestler. The individual agents of the 
tree-structured MAS can be considered as holons. The objects which are situated on 
the same level of an agent (holon) can be considered as the (physical) work-pieces 
associated with it. the environment E models the outer world of the holarchical 
system which is defined by the MAS. 

In MAS research and development two different schools of thought are 
appearent. The “cognitive school” assumes that each agent acts as an “intelligent” 
system. 

A MAS can then be considered as a topic of “distributed artificial intelligence” 
(DAI). By contrast the second school, the “reactive school” assumes that the 
individual agents of a MAS have not necessary to proof a certain degree of 
intelligent behavior in order that the MAS as a whole demonstrates intelligent 
behavior. The intelligence of MAS is, in this case, considered to emerge as a system 
property generated by subsystems. 

A holarchical system of A. Koestler does not distinguish sharply between these 
two viewpoints. Holons have to be intelligent systems, however it is assumed also 
that the whole holarchy has in reaction to the intelligent behavior of the individual 
holons an overal intelligent behavior which emerges as a new system property. 



4 Multi-agent Holarchies: Conceptual Foundation 

After our reviewing of the concept of a “holon” and of “holarchy” as introduced by 
A. Koestler and the discussion of the definition of an “agent” and of a “multi-agent 
system” as given by C. Ferber we want to compare these two approaches in 
modeling complex distributed intelligent systems. Our goal is to point out that 
holons can be considered as agents and that a holarchy (a model which has a SOHO- 
structure as defined by A. Koestler) is a specific multi-agent system. If we are able 
to show this, the existing multi-agent methodology together with the associated 
multi-agent software technology can be used to model and simulate holarchical 
systems. 

Let us start in identifying Koestler’ s holons as agents. Each holon of a SOHO- 
structure has the ability to interact with the overal environment such that (a) of the 
definition of an agent is fulfilled. Furthermore for each holon there exist 
communication channels to its “master holon” above and to all holons which are 
subholons of it on the next layer. This means that (b) is valid. Koestler assumes from 
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each holon of a SOHO-structure that it performs according to a overal performance 
criterion given for the whole holarchy. Therefor a holon fulfills (c). Koestler does 
not assume expressis verbis the properties (d), (e), (f) for a holon. However these 
properties of an agent do not contradict with Koestler’ s holons and might be 
assumed. The property (g) of an agent is for Koestler of special importance. Each 
holon of a SOHO-structure is assumed to have special skills to offer services to its 
associated “master holon”. The property (h) of an agent, the ability of self- 
reproduction is a property which is specifically emphasized in Koestler’s definition 
of a holon. The same applies to the property (i) of an agent. A holon tries always to 
meet a given performance criterion under the given constraints in resources, skills 
and available information. We conclude that holons can be considered as agents. 

Next we compare the properties of a holarchical system HS (a model with a 
SOHO-structure) with the properties (1) to (6) as assumed by C. Ferber (1999) in the 
definition of a multi-agent system MAS. 

In (1) it is stated that the environment of a MAS should have the property of a 
space with nonempty volume (measure). Since a HS being an open system interacts 
with an environment assumption (1) is acceptable also for a HS. A MAS has a set O 
of objects which are positioned in E. Some of the objects are according to (2) 
passive and can be perceived, created, destroyed and modified by other objects, the 
active one, which are according to (3) agents. In a HS holons can be considered as 
objects of a MAS, which are because of their janus-face active (acting as master- 
holons) and passive (acting as sub-holons) at the same time. With this interpretation 
of holons (2) and (3) as required for a MAS are by a HS fulfilled. A HS fulfills 
furthermore the properties (4) to (6) of a MAS however with the restrictions which 
are given by the tree-hierarchy of a HS. A holon will apply operations from Op to 
perceive, produce, consume, transform or manipulate only to the associated sub- 
holons. 

This concludes our discussion to compare HS and MAS. We have pointed out 
that the conceptual framework of a SOHO-structure as introduced by Koestler is 
fully compatible with the elaborated modem concept of a multi-agent system. Since 
MAS methodology and the associated MAS software technology (regarding 
modeling and simulation) has reached a high standard, we are optimistic that they 
can provide the proper means to model and simulate the kind of complex biological 
or socio-economic systems which Koestler had in mind. Besides it should also be 
possible to apply MAS technology to the field of “Holonic Manufacturing Systems” 
(Kawamura (1997)), a field which has found international interest in Robotics and 
Manufacturing (Jacak (1999)). 

To approach the concept of a “Multi-Agent Holarchy” we introduce the concept 
of an organisation in a MAS. After Morin 1977 (as sited in Ferber 1999) an 
organisation is defied as 

“an arrangement of relationships between components or individuals which 
produces a unit, or system, endowed with qualities not apprehended at the level of 
the components or individuals. The organisation links, in an interrelational manner, 
diverse elements or events or individuals, which thence forth become the 
components of a whole. It ensures a relatively high degree of interdependence and 
reliability, thus providing the system with the possibility of lasting for a certain 
length of time, despite chance disruptions 
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Therefor if we assume for a MAS to constitute a organisation we get a 
hierarchically ordered multilevel system. 

Ferber 1999 comments on this part (p. 90): 

“The concept of levels of organisation makes it possible to consider the 
embedding of one level into another. In the same way that, in biology, a cell is 
considered as being an organisation of macromolecules and at the same time an 
individual being for the multicellular organism of which it forms a part, we can 
similarly consider that an organisation is an aggregation of elements of a lower 
level and a component in organisations of a higher level). ’’ 

Furthermore this saying is supported by the following Figure 2. 




Fig. 2. Agents at level n are grouped into organisations which can be considered at level n+1 
as individual entities. Inversely, individual entities at level n+1 can be seen at level n as 
organisations. The process can be repeated on any number of levels (from C. Ferber (1999)) 

We are now at the point, where we are able to compare A. Koestler’s concept of a 
holarchy with the concept of a multi agent system which is an organisation 
(organisational multi agent system OMAS). 

Both are tree-like hierarchical structures with autonomous intelligent acting 
components being the nodes of the tree-structure. The architecture and the kind of 
components seems to be of the same kind. Although A. Koestler had with his 
“holons” models from the biological fields in mind he did not specify in detail their 
functional behavior or their structural internal properties. Flere the conceptualisation 
is in case of agents on a advanced state of development and can be used for the 
construction of special types of holarchies. This applies also to concepts for a formal 
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specification of holons where different formalism for agents are known. A further 
progress in methodological matters of “agent technology” with respect to Koestler’s 
framework its operationality with respect to software implementation. This allows 
the effective construction of simulators for multi agent systems and can naturally 
also be used to simulate holarchies. At the time of the appearance of Koestler’s work 
(1967) the science and art of model based simulation was still in an early stage. 
Furthermore Koestler himself had, as we guess, no close relations to computers and 
programming and did therefor probably not explore any application of simulation. 

Agents, following the terminology of Ferber (1999) can realize different 
organisational function such as being a supplier (servicing customers), a 
mediator(managing execution requests), a planner (determining actions to be taken), 
a coordinator (distribution of actions and execution requests), a decision maker 
(taking the choice between different possible actions) or a executive (realizing 
actions). 

Such functions can also be observed for holons. A difference is, however, that the 
holons of Koestler are according to their role in fulfilling an organisational function 
hierarchically ordered but the agents in an OMAS are seemingly all on the same 
level and they define as group-collections only virtually agents of conceptual 
abstract kind on levels above. 

In the next chapter we will see that this difference is only artificial and we are 
able to remove this by assigning to holons the proper organisational function. 



5 On Construction of Multi-agent Holarchies 

In the following we try to construct a formal model for the architecture of a holarchy 
such that its components are possible candidates to perform organisational functions 
as agents of a OMAS. In consequence the existing multi-agent system methodology 
can be used to realize specific agents in line with Koestler’s concept of a holon and 
to assure properties which are requested for a holarchy. If this is successfully done, 
we call such a holonic organisational multi agent system (HOMAS). Although in 
this first attempt we will not be able to show the construction of a HOMAS in detail. 
However, thanks to the developed state of multi agent systems methodology we can 
claim that this is possible for many cases of specific SOHO structures. In our 
proposed construction we follow Pichler (1999). 

We start with the principal task of describing the systems architecture of a 
holarchy with the usual systems-theoretical means. A holarchy in the sense of 
Koestler can be classified as a multi-level system in a kind of a multi-layer system 
(in the sense of Mesarovic-Takahara (1970)) with - as seen top-down - a graph- 
theoretical tree-structure. Its components M(i,j) (= the j’th component on the i’th 
level) interact with the network and with the environment by the following 
couplings: 

(1) each component M(i,j), (i=0,l,2,...,n-2) is coupled to its associated “parts” 
which consist of components M(i+l,k), k=l(l),l(2),...,l(i,j), of level i+1 

(2) from each component M(i,j) (i=l,2,...,n-l) we have couplings to exactly one 
associated component M(i-1, k(i,j)) of the level i-1 above, the associated 
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“whole”. Level 0 contains only one component M(0,1), the “root” of the 
network. M(0,1) has, according to our definition, no associated “whole” above 
it. 

(3) each component M(i,j) of a holarchical network is coupled to the environment E 
of the network. In this sense all components M(i,j) can be considered as “open”. 




Fig. 3. Example of the tree-like architecture of a holarchy 



To model the couplings of a holarchy different concepts can be used. In the 
simplest case coupling can be defined by joining variables, dynamic or static, of the 
individual components. In more complex cases functions or relations (static or 
dynamically generated by some kind of “machines” such as, for example, marked 
petri-nets) can be used to define the couplings. In general, since in practice the 
different levels have a different semantic meaning, coupling operations have to be 
transducers to establish the proper connection between the different levels of 
language use. 

In the simplest case a component M of a holarchy can be modeled by an I/O 
relation MczXxY, where X is the set of inputs and Y the set of outputs. A 
component of this kind is also called a “general system” (in the sense of M. 
Mesarovic (1975)) or a “black box” (if nothing is stated about how the I/O relation 
M is constructed). However, as seen from the systems-theoretical point of view, the 
most desirable formal model for a component of a holarchy is given by a dynamical 
system with input and output DS. Most often a DS will be defined by an associated 
“generator” in the form of equations which describe locally the rate of state-changes. 
Examples are here given by differential- or difference equations, by marked petri- 
nets, by formal grammars, by the rule-bases of expert systems or by finite state 
machines. 

A hierarchical decomposition of a complex system, as requested by A. Koestler 
for building a holarchy, results in a division of the workload among the different 
components. While components M(i,j) of “higher” levels (i=l,2,...), to fulfill the 
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functional requirements as posted by the environment E, contribute mostly to the 
planning part, the components M(i,j), (i=n-l,n-2,...) of the “lower” levels have to put 
an emphasis on the “physical” realization of the “tasks” as required by the 
environment. Besides observing the fulfillment of functional requirements, as they 
are stated via the associated “whole” M(i-l,k) above, they have to contribute to 
satisfying non-functional requirements which are typical for the associated level i. 
As a consequence the formal models to be used in the different levels of a holarchy 
have to differ in their granularity. While on higher levels symbolic operations which 
reflect qualitative features will be dominant, the models of the lower levels will have 
to perform numerical and quantitative operations. 

To make the mathematical analysis of a holarchy feasible, it is advisable to 
choose the model-types for the different components M(i,j) as homogeneously as 
possible. To give an example, if we use for all components formal models of a 
dynamical system with input and output, then we are able to apply the concept of 
“dynamorphism” as introduced by M. Arbib (Pichler 1983) to describe the couplings 
between the different levels. Furthermore, in case of the existence of an effective 
method to decompose a specific type of dynamical system, we are able to build the 
network in a top-down manner starting from the dynamical system given on top. 

The most important feature of an holarchical network, as defined by Arthur 
Koestler, concerns its self-regulating property. It is assumed that such a network 
adapts automatically to new requirements (as given by the environment) and 
automatically corrects internal faults by establishing a new configuration of its 
architecture. 

Self-regulation in that sense is only possible if every component possesses a 
certain degree of autonomy to be able to respond in the appropriate intelligent 
manner. The model-types of classical systems theory, which are by their tradition 
rather “mechanical”, have to be extended towards “biological” features such as 
learning, adaptation and others. In the following we try to sketch principal 
approaches to construct such extensions. 

As we know, each component M(i,j) of an holarchical N(M) represents, for its 
associated “parts” Ti,T 2 ,...,T, which “live” on the level i+1 below, a “whole”. There 
exists no direct coupling relation between the parts; the necessary “communication” 
has to be established via the whole M(i,j). If we answer the question, how for a 
given component M(i,j) (i=0,l,...,n-l) the associated parts Ti,T 2 ,...,T, can be 
constructed, we have also the means to design by iteration “top-down” the whole 
network N(M) starting on level 0 with a initial given “machine” M. By E we denote 
the set of all functional and non-functional requirements which M has to fulfill. In 
this case we write M~E. 

The principal idea for our approach consists of the first step in the construction of 
a decomposition K(M|,,Mi,...,M,) of M(i,j) into components Mj(i=0,l,...,l) which 
fulfill individually associated requirements E; (i=0,l,...,l) such that their “union” 
covers E; E„uEiU...uEpE. In this case we write K(M„,Mi,...,M,) o M(i,j). In a 
second step we distribute the workload (= the tasks to be solved) of M(i,j). We 
determine that the component M„ of the decomposition K(M„,Mi,...,M,) will be 
executed by M(i,j) on level i. However, the components Mi,M 2 ,...,M„ which are left, 
are only planned by M(i,j) on level i. Their execution is delegated to the associated 
parts Ti,T 2 ,...,T, on level i+1 of the network. This requires that each part Tj 
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(i=l,2,...,l) simulates the associated component M in such a way, that the set Ej of 
requirements which are assigned to M; are fulfilled. A simulation of Mj by is 
denoted by TjOiMj. Figure 1 shows, using a block-diagram the relation between the 
“whole” M, the decomposition K(M„,Mi,...,M,) and the associated “parts” Ti,T 2 ,...,T,. 



M 








Mq Mj Mj jyi^ 


i 


k i 


k i 


1 

k 




’ } 


^2 

’ } 


’ 




Fig. 4. Requirement delegation from M to the components Ti,T2,...,T, 



For the construction of a decomposition K(M„,Mi,...,M,) of M two different types 
of methods can be distinguished: for a given pair (E,M) one type is given by 
methods which establish a proper selection of components M„,Mi,...,M, (known to 
the designer by past experience) together with an applicable coupling relation K so 
that K(M„,Mi,...,M,) is a decomposition of M. Methods of this kind are here called 
“inductive”. The second type of methods, which we call “deductive methods”, 
compute by mathematical-logical reasoning, starting from a given M, an associated 
decomposition K(M„,Mi,...,M,). In this case the components M;(i=0,l,2,...,l) of the 
decomposition are specific homorphic images of M which reflect certain structural 
and behavioral properties. The coupling relation K ensures it provable that 
K(M„,Mi,...,M|) simulates M such that M~E is valid. 

The design of the overal holarchical network is established by a top-down 
procedure, which starts with the set E(0) of requirements to be fulfilled by the model 
M(0) at top-level 0. The decomposition K(M„(0),Mi(0),...,M,(0)) derived for M(0) 
determines the partition of the workload between level 0 and level 1. M„(0) 
describes the execution part of systems activity at level 0, Mi(0),...,M,(0) determines 
the planning part of M(0) at level 0. The task of execution of this planning is 
delegated to the associated parts Ti(0),T2(0),...,T,(0) at the next level 1 below. Each 
part Tj(0), i=l,2,...,l(0) is now considered as a formal model Mj(l) on level 1 which 
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is the basis for a continuation of the procedure that is: decomposition into an 
execution part and a planning part, followed by the delegation of the planning part to 
the next level. After k steps the procedure stops at formal models Mj(k) which can 
be fully executed and do not require the delegation of a planning part to parts at a 
next level below. 

So far we did not mention any relation of the constructed abstract architecture to 
organisational multi-agent systems (OMAS). However, the reader which is familiar 
with the concept of OMAS has most likely already seen this relation. A component 
M at a level i (see Figure 3) can be seen as model which represent the emerging 
collective behavior of the models M„,Tj,T 2 ,...,T,. M is mainly a planning agent which 
determines by Mj,...,M, the kind and distribution of actions for the agents Tj,Tj,...,T, 
of level i+1 and by the action for (own) execution on level i. The simulation 
assignments realize a “membrane” (Ferber (1999)) between level i and 

level i+1. The simulation assignment a assures the decomposition of M into 
K(M„,M,,...,M,). 

We see that the proposed interpretation of model-decomposition leads on the one 
hand to a hierarchical order in the sense of A. Koestler which is needed for a 
holarchy and on the other hand also to the concept of a organisational multi-agent 
system, where the different levels model the emerging properties of a collective. The 
used “trick” is, to have on level i an agent which reflects by M the emerging 
collective properties of Tj,Tj,...,T,.of the agents on level i+1 and which determines 
by M„ its own execution function and determines by Mj,M 2 ,...,M, the tasks for 
Tj,Tj,...,T,. of level i+1. 



6 Conclusion 

The paper considers in an informal manner the concepts of “holon” and “holarchy” 
as introduced 30 years ago by A. Koestler to model complex systems in the 
biological and socio-economic fields. In addition it discusses the modem concept of 
“agent” and “multi-agent system” which are currently in use in modeling and 
implementing distributed software-systems which assist intelligently the user in 
solving certain tasks. The comparison of these two approaches in modeling shows 
that multi-agent systems are appropriate conceptual means to model Koestler’ s 
complex systems with SOHO-structure. Furthermore they provide the computational 
means for the simulation of such systems. This gives us for the future some hope 
that the work of Koestler in modeling complex systems such as the dynamics of the 
evolution of species or brain functions has a chance to be continued. 

On the other hand by following such research goals of A. Koestler might also be 
fruitful to the further elaboration and extension of multi-agent systems methodology 
and the associated tools. 
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Abstract. In this paper we study the partition of a systems by a new 
theory denoted General System Logical Theory GSLT). The partition 
of a system in subsystems creates a conflict situation. In fact when we 
move from the system to the subsystems, new variables grow up. These 
variables are the elements that represent the interaction of one subsystem 
with the others. The interaction is computed by recursive equations that 
compute the interaction terms. So any subsystem can be isolated from 
the total system but we must join external variables or sources or inputs 
that represent the action of the other subsystems. The GSLT language is 
used to detect the conflict between the system and the subsystems and 
solve the conflict by the computation of the internal action among the 
subsystems. We can associate with any subsystem a global variable that 
changes in time only for the action of the other subsystems. 



1 Introduction to the General System Logical Theory 
(GSLT) 

The General System Logical Theory (GSLT) used in this paper is based on the 
input-output paradigm at different levels and was first proposed by Resconi and 
Jessel (Resconi and Jessel, 1986). It has since been applied to deriving the basic 
rules of tensor analysis in non-Euclidean space (Mignani et ah, 1993), the study 
of robot (Resconi and Tzvetkova, 1991; Petrov et ah, 1994), extensions of Markov 
chains (Kazakov and Resconi, 1994), General Relativity (Mignani et ah, 1993), 
the action control of sound of waves (Resconi Jessel 1986) and the intelligent 
machines (Fatmi et ah, 1990). Using the language of GSLT different contexts 
are connected at different levels. In fact at the first level inside a given contexts 
we define operators that connect variables in input and in output. At the second 
level an agent with information in the first context determines the wanted input 
and output value in a second context. The agent tries also to build operators in 
the second context coherent with the first as we can see in fig. 1 
Or 

Oq O2 
0 \ {O12, O21} 

For example in fig. 1 the operator Mj can be a transformation of the position, 
M° and M }2 the derivative as to time and M 21 the transformation in the context 
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First context 




Fig. 1. Elementary Logical System at the Second level or ELS(2) 



of the velocity. The couple {0i2,02i} represent the conflict situation between 
the context of the position and the context of the velocity. The agent can make 
some errors in the definition of the operator in the second context errors that 
can be compensated. At the third level as we can see in fig. 2 



2 



3 




Fig. 2. Elementary Logical System at the third level or ELS(3) 



Or 

Oq O3 

0 \ {Oi3,03i} 

{O12, O21} {Ol23i O213, Ol32, O321, O231, O312} 

O2 {023,032} 

another agent, with the information in the two contexts generates the input 
and output wanted values for other two contexts. In this way he controls the 
transformation between two new contexts. The same agent creates connection 
between the new contexts in a coherent way as to the previous one Other agents 



I = ALS'(3) (2) 
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can generate higher levels. We are led to particular n-dimensional diagrams or 
Elementary Logic Systems ELS(n) generated by a simple recursive rule. 

The role of GSLT in problem development and solution hinges compensation 
notions. Compensation gives an important connection with the suited notion 
of compensation prevalent in physical systems. Compensation creates coherent 
relations between levels of control. 



2 Space Partition of the Wave Propagation System 



When the model of a system is represented by differential equations in many 
cases we cannot use this model for the difficulty to obtain the solution. One way 
to simplify a complex model of a system, is to divide the system in subsystems. A 
set of equations is associated with any system that we represent in this symbolic 
way 

Pn=S. (3) 

Where n is a vector of variables, P a differential operator and S a vector of 
input values or sources. For the wave equation 

/ 52 1 \ 



and 





c(a:)2 dt"^ 

With the transformations /ij with j = 1, 2, . . .p we can generate from the set of 
variables n the variables nj = /ijn. In a matrix form 




n; 



nil ni2 ■ ■ ■ riiq 

ri21 U22 ■ ■ ■ n2q 
n^q 

Tip\ Tlp2 . . . Tlpq 



Mil M12 • ■ • Mlg 




ni 


M 2 I M 22 • ■ • M2g 






fj,pl flp2 ■ ■ ■ fJ^pq 




riq_ 



where 

1 

j j 

Given the prototype operators Pj for any row of the previous matrix the associate 
sources are given by the formula 
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and 
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C eai 

^2 
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r21 T22 . 


• ■ b2g 




S2 
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‘ ^ pqj 







so we have the formula 

Pjnj=Sj+Sf = (Mj+rj)S (7) 

SO 

"=i:pi‘(sj+sr)^ (8) 

i 

The connection between the original system in (3) and all the different subsy- 
stems with the prototype operator Pj is given by the relation 

^P,n,=^Sj + Sf = Pn=S 

3 3 

where 

= (9) 

i 

The exchange sources SJ’' give the difference among the change of the variables 
n and the associate variables S in (3). The exchange sources have sum equal 
to zero. 

The variable n(t) and the projection operator /ij form the context of the 
states of the system (see fig. 3). When we change the context and from n(t) 
we move to the source or input S, the operator associated with the previous 
operator /ij is formally defined in this way (/rj -t-Tj). The unknown operator Tj is 
the compensate term that we introduce when we move from the context of the 
states to the context of the sources We show the two contexts in one picture in 
fig. 3. 




Context of 
the Sources 
or Inputs to 
the system 



[Pj(iji>.(Hj+rj)Pn = Sj+6“j] 



the system 



Fig. 3. 



The operator /ij changes in (/ij -|- Tj) when we move from one context to the 
other. The two operators are operators of the first type. The operators P and 
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Pj that change the contexts are operators of the second type. As we can see in 
fig. 3 in the sources context we have the couple of results 



[Pj/tjn,(^j +rj)Pn] (10) 

where 

MjPn + rjPn = Sj + Sf. (11) 

For the coherence between the function n(t) and the sources S, we must have 
the identity condition 

PjWn = (Mj + rj)Pn (12) 

so we have 

(PjMj-/ijP)n = FjS = Sf (13) 

but with Pj~^ from the sources context we can come back to the solutions n(t) 
by the relation (13) see fig. 4. 




Fig. 4. feedback form by ELS(2) 



In conclusion we have the feedback 



(Pj/Xj-A.jP)SP-ij (Sj + Sf)^Sf. 



(14) 



Remark 

With the operator P~^ we have the diagram 




Fig. 5. inverse operator of P 
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where 

(PjMj-MjP)P-^S = Sf. 

But in general we cannot solve the equation (3) so we have not the operator 
P“^. In this case we use another path to obtain n as we can see in fig. 5. When 
we know the with the feedback, we can know the solution of the system 
equation (3). In fact with the equation (8) we can obtain n(t) from SJ’'. In fig. 6 
we collect in one picture all the previous considerations. 




Coherence 

Pj Hjn = (H, + rj)Pn 

(PjIXj -HjP)n = rjS =S“j 



feedback 

(PjHj -HjP)SP-ij(Sj + S“, ) = S“j 



Fig. 6 . feedback and ELS ( 2 ) 



To obtain a feedback that converges to the fixed point in any case, we change 
the previous feedback in another by the Theorem 1. 

Theorem 1. When we write the feedback in this way 



Sf (n + 1) = (Pj^j - /XjP) SP-ij (Sj + Sf (n)) - Sf (n) + Sf (n) 



for 

(PjMj - A^jP) SP-\i (Sj + Sf (n)) - Sf (n) = F(Sf (n). 
The feedback becomes 

-k2p(Sf’^,n) dF(Sr,n) 

■^j 1 r t 2 qcex ^ -^j db- 



l + k2F(Sf,n)2 



2 (J5|x 



(15) 

(16) 



(17) 



When there is a fixed point the feedback in the last form converges to this fixed 
point and to a point with derivative equal to zero. The parameter k is the step of 
the recursive process. 
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Proof. Because we have 



F(S?*,n) 



[l + k2F(S“,n)2] '*5^ Jl + k^ F(S“ ,n)2] y^[l+k2 F(S?* ,n)2] 



for 



we have 



R{F) = 



k2f(Sf ,n 



l + k2f(S|’^,n)2 



-k^f(Sf,n) ^df(Sf,n) 1 dR{F)^ 



dSf 



dSf 



^l+k2f(Sf,n)2j 

So the recursive process can be writen in this form 

cex/ IdR(F)^ 

Sr(n + 1) = 7 ^-^ + SP(n) 

3 y ’ 2 dSf^ J ^ ’ 



2 dSf 



where we have that when 



F(S|’^, n) — >■ 0 also 



dR{Ff 

dSf^ 



0 and R(F) — >• 0 



as we know R(F)2 > 0 so R(F)^ = 0 only when F = 0 

Because when F ((SJ’^)) = 0 also R ((SJ’^))^ = 0 with R ((SJ’'))^ > 0 



dR{Ff 

dSf^ 



= 0 . 



Given an SJ’' > (SJ^')* where F ((SJ^')*) = 0, we have 

dR{Ff 



dSf^ 



> 0 



and 



Sf(n+l)<SJ». 
Given an SJ’' < (SJ^')* we have 

dR{Ff 






< 0 



we have 



so in any case we have that 



Sf(n+l)>Sf(n) 



Sf 



(Sf )* where F ((Sf )*) = 0. 
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Example 1. When we compare the previous iteration method with the Newto- 
nian formula 

(Sr,n) 

Oj (,n-|-ij d_F(S“,n) ^ J 1 h 

We remark Sidney Yakowitz (1989) that for the function 

F{p) = 1 - 2exp(-|p|). 

Given by the graph 



, 0 . 986524 , 



F(Pi) 




.- 5 , 



, 4 , 9 , 



Fig. 7. the Newton method cannot find the zero valnes for the given function 



The Newton method always diverges. With the new method for k = 0.5, and 
100 steps we have p = 0.69316 with F(0. 69316) = 1.341 10“^. The behaviour to 
the convergence is 




0 50 100 

A n ,100, 



Fig. 8. Behaviour of the recursive process in this paper for the function in fig. 7 



With the recursive process 



Pn+i := -k^ - ^ ^ • D (p„) -h p, 

(l + k2.F(p„)2) 

where D(pn) is the derivative of F(p). 
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3 Physical Example 

One example is the physical system given in fig. 9 



ni(x,t) Cl 




C 2 n 2 (x,t) 




Fig. 9. 



Physical system composed by two parts one on the left where the sound 
moves at a constant velocity Ci and the other on the right where the sound 
moves at constant velocity C2- In the physical system the velocity of the sound 
is not constant, but can be divided in two subsystems where the velocity is 
constant. 

As we see in fig. 9 the sound wave enters in one tube with velocity Ci and 
goes out with velocity C2. The propagation of the wave of sound pressure n(x, t) 
in all the tube or system is represented by the differential model 

where S is the sound source. Because the velocity c(x) is function of the position 
X in the tube, the solution of the differential equation is difficult.. Because when 
the velocity is constant we can obtain the solution of the differential equation, 
we divide the system in two subsystems with constant velocity with 

ni(x,t) = ^in(x,t), n2(x,t) = ^2n(x,t). 

For the two variables we have the equations 

/ 52 1 92 \ 

= Pmi(x,t) = Aii5 + Sr = Si + Sr, (19) 

= P2n2(x,f) + = S2 + S|A (20) 

Because 

Ml + M2 = Ij we have /Z2 = 1 — Mi 

and because 

Sf + = 0, = -Sf 
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Fig. 10. internal and external sources to the subsystems 



and 



Pi/tin(x,t) + P 2 (l - iti)n(x,t) = Pn(x,t). 



We have 






That can be writen in this way 



(x)n(x,t) _ Mi(' 
dx^ 



(x) d^v,(x,t)\ 

f J 



d^(n(x,t) — fii{x)n{x,t)) 1 — /ii(x) d‘^n{x,t) 



dx"^ 

( d'^n{x,t) 1 d'^n{x,t) 



dt'^ 



So we have 

^j^^{x) d‘^n{x, t) 



dt^ 



and 



8^2 c(a;)2 dt^ 


)■ 


1 — fJ,i{x) d'^n{x 


,t)\ 


4 dt^ 


) 


■) 1- ni{x) 


1 


' 2 


c{x) 


_ 4 (4~c 


{xr 



1 d‘^n{x,t) 

c{x)^ df^ 



In conclusion we have 

When we take the solution in the vacuum as 

n(x, t) = u{x) exp(— zwt) where u = 27t/ 



( 21 ) 



and 



/ is the frequency of the wave. 

Because we have 

[{Sz+kl)ui{x)-M=^){^ + k^)]lG{ci)*(Si+Sr)+G(c2)*iS2+Sr)]=Sr 
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= '-^ f [mi(i') S(i’)dx’ +'-^ f IMx'} S(i')di' 



F(x) . = 



we have 



ik^ r 

- — I =Sf 



where the Green function G(c) is 

G(c) = — - exp(— ifcja; — x') and k = ki = — , k 2 = — . 
2ik c(x) Cl C 2 

The product is the convolution product. 



i{x) = Q{c) * S J G{x,x') S{x')dx' . 



The convolution product is the superposition of the fields (Green function) ge- 
nerated from the elementary sources inside S. 

4 System Partition 

Let us consider the system ^ with the equations 

4;A-/ n = S'i where / n =/in = /i(m, ri 2 , . . . , n,) and ^An=^. 
_dt j dt dt 

For the previous consideration we write 



A — / n = P n. 



So we have 



^A-/ n = Pn = ^Pknk = ^ ^x\^r^= S. (23) 



For the previous equations and for the relation 



/^kn = n or y^/Xk = 1 



/n = /y^nk = y^/fcnk where nk = 



we have 
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Where we choose the functions fk so that that we can solve the equations 



(24) 

Pk nk = 

for 



A / 

dt^ 



^kn = Sfc + S“ so we have /Xkn ~ Pk ^(Sfc + S|^) (24) 



/feMfcn = y] Aifcgfcn = / n. 

k k 

We can obtain the transformation Example : 

/rgi(n) = fi(^n),(l-^)g2(n) = f2((l-Ai)n) and Aigi(n) + (1-Ai)g2(n) = f((n) 

^ /(n) + g2(n) 
gi(n) -g2(n)’ 

In figure (11) we show the system partition 



so 





ni, /i 

▲ ^ 


► 

gex H 2 , f 2 

i 




1 


«3,f3 


"4 ,/4 





Fig. 11. system and subsystem functions and variables 



For any part of the system we write the equation 

Pknk = Mk^ + Sr (25) 

Because we can solve for any subsystem the differential equation (25) we have 

nk = Pk-^Mk^ + Sr) 

and we can create the feedback process (14) by which we can compute the sources 
and we can obtain the solution of the equation (22).+. 

When the subsystem is isolated and = 0, we have that 

Gk = PkHk — ^kkS = 0 

where Gk is the global variable for the k-th subset. In conclusion measures 
the change of the global variables for the subsystems. 
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Abstract. Within the last years the paradigm of intelligent software 
agents became an emerging topic in computer science research and de- 
velopment. Intelligent software agents are computational systems that 
populate complex dynamic environment, act and react there in an auto- 
nomous way in order realize a specific task based on a set of goals given 
to them. In multi agent systems (= MAS) intelligent software agents are 
grouped together and represent a network of problem solvers designed to 
achieve a common goal, which would be too large for a single centralized 
software agent. The member agents of such a multi agent system have 
a sufficient degree of decision-making autonomy and interact with other 
agents by explicit communication. Therefore the main fields of interest 
in multi agent based system design cover coordination, communication 
and negotiation based on uncertain data and knowledge of each member 
agent of the multi agent system. This article proposes s system theore- 
tical approach towards the design and synthesis of a multi agent system 
for controlling a robotic agent. 



1 Introduction 

The practical applicability of multi agents systems covers various fields in com- 
puter science - like intelligent information systems, distributed manufacturing 
control systems or control systems for multirobot applications. This article pre- 
sents the application of an multi agent based control system to the distributed 
control and internal communication in an autonomous robot enabling intelligent 
and flexible behavior of such a robot in partially known environment. We intro- 
duce the following controller components, which can be treated as independent 
control agents: 

- hardware agent ( robotic agent, or world object to be controlled), - task un- 
derstanding and interpreting agent, - action planning agent,- action execution 
agent,- action safety protection agent, - environment observation agent, - com- 
munication agent, and - negotiation agent. The structure of such a control system 
is shown in Fig. 1. 

The section 2 gives an overview of the formalism used for modelling the 
agents, the other sections describe some of the involved agents (action execution 
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Fig. 1. Structure of multiagent based control system 



agent, safety protection agent, communication agent and negotiation agent) of 
the multi agent system. The final section gives concluding remarks. 



2 Basic Notions 

2.1 Preliminaries to Multi Agent System 

A multiagent system is the group of cooperating agents acting in common envi- 
ronment. Cooperation between agents have a different focus. The main task is 
to solve complex problems by using cooperation and communication mechanism 
with other agents or external resources [5,6]. Cooperation is used when a pro- 
blem exceeds the capabilities of one individual agent or when other agents are 
available which can provide a proper solution or whose knowledge can be used 
by other agents. For the communication among agents communications chan- 
nels have to be established and norms have to be defined in order to ensure that 
agents can exchange information. 

The behavior of the overall multiagent system can be observed as the set of 
actions performed by each individual agent. Each agent follows its own specific 
goal. Between the goals of agents in a multiagent system can occur different 
dependencies. The set of all goals can change in the time. A goal set is quasi 
ordered by a priority relation, which determines the importance hierarchy of 
goals. The subset of goals which have the highest priority is called the primary 
goal set of the system. 
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2.2 Communication between Agents 

Two agents communicate with each other by exchanging messages. They must 
have some common meeting point through which the message exchange is hand- 
led. The delivery of the messages is managed through a special communication 
agent (CA) of multiagent system [1,2,3]. 

The messaging mechanism uses protocol templates, messages and conversa- 
tions . 

Protocol templates. In order to simplify the mechanism of exchanging messages 
between agents individual messages are grouped into a set of related messages. 
These sets of messages are used to create protocol template definitions. Once a 
protocol template has been created it can be used to define an agent’s interface. 
Interface definition is accomplished by the means of ports. 

The protocol template contains a set of one or more parameters. For example 
the following protocol template parameters can be used: 

conversation signature: Denotes the communicative act and the principal 
meaning of the protocol template. 

sender: Denotes the identity of the sender, i.e. the identifier of the agent and 
its port (see Section 2.3) called send-point. 

receiver: Denotes the identity of the intended recipient and contains the iden- 
tifier of the receipting agent and its port (see Section 2.3) called receive pOint. 
Note that the recipient may be a single agent or a tuple of agent. This corre- 
sponds to the action of multicasting. 

message: Denotes the message itself; equivalently denotes the object of the ac- 
tion. 

priority: Indicates the level of significance of a specific message. 

Based on the previous definitions a message is a data object that incorporates 
a specific protocol template. 

Message = {Protocol -template, data) 

The exchange of messages is called a conversation. A conversation is an ongoing 
sequence of communicative acts exchanged between two (or more) agents relating 
to some ongoing topic of discourse. It takes place over a period of time that may 
be arbitrarily long but is bound to certain termination criteria. 

2.3 Agent Architecture 

An agent architecture is determined by agent’s structure and behavior. The 
structure of an agent is defined as a tuple of four elements: 

Structure = {C, I, Contracts, KB) (1) 

where C is the set of agent components, which their own input and output 
ports C = {Comk\k € Kagent} ( Kagent IS the number of agent’s components), I 
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(the interface) is the set of agent input and output relay ports, Contracts is the 
set of connections between agent and other agents in multi-agent system and 
the KB {knowledge base) is the set of models and methods needed to decision 
making. 

There are two components common to all agent architectures a negotiation res- 
ponsible component and a knowledge acquisition and management component. 
The other components are agent’s specific components, which are needed to 
realize the agent’s goals. 



Agent Knowledge base. The knowledge base of an agent builds formal re- 
presentation of agent’s specified data, which are needed for decision making. 
The decision making is performed on the basis of return values of the methods 
or functions coupled with knowledge base and called by entry or exit functions 
of the state machine of different agent’s components. The general structure of 
knowledge base can be defined as 

KB = {Formal Models, Data Objects, Methods) (2) 

where Formal Models are the formal representations of stored knowledge. Data 
Objects are the currently stored data, and Methods is the set of procedures and 
functions, which are needed to data processing, reasoning and decision making 
The typical knowledge base contains four different models and their formal re- 
presentations: aworld model, a social model, a mental model and a plant model. 

The world model represents knowledge about surrounding environments of 
an agent. The social model represents knowledge about other agent acting in the 
system. The types of agent, their typical tasks, and their purposes should be 
known and also communication norms needed for exchanging messages between 
the agents. The mental model represents the knowledge about risk by decisions 
making and their consequences. The plant model contains the knowledge about 
construction, properties and structure of an agent. 

To processing the data of these basic models, functions and methods are grou- 
ped in a knowledge base methods set. The methods can be selected according to 
the following groups: processing and updating methods, reasoning methods, in- 
tention recognition methods, beliefs establishing methods, evaluation methods, 
learning methods, prediction and simulation methods. 



Agent’s Component. The component of an agent is agent’s unit which is 
enable to perform specified actions based on messages from other components 
of agent and knowledge base of the agent. Each component has the following 
structure: 

Comk = {Portsk, State Machinck) (3) 

Component’s port is a declaration (a reference) of the set of incoming and out- 
going messages defined by their protocol templates. The ports can divided into 
two categories, peer ports and relay ports. Peer ports are used to connect the in- 
ternal components of the agent and are not visible from the outside of the agent. 
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They are the part of the internal decomposition of the agent. Relay ports are 
the end ports of the agent and represent the interface of the agent for connecting 
the other agent [4]. 

Component state machine. The behavior of the component will be specified by 
an extended time-state machine. 

State Machine = {M, S, A, t, t, g, e, x) (4) 



where: 

• M = U M®®”‘ is the set of incoming messages, and the outgoing 

messages. 

• S is the set of elementary states of the component. A component is referred to 
as having a state when the effect of an input depends on the history of previous 
inputs. The state can be passive or active. The active state has finite advance 
time, defined by function r. 

• T : S'fc — >■ 5ft is the time advance function of the state. Time advance of the 
passive state is equal to oo [8]. 

• A is the action set. The action represents the possible activities of the compo- 
nent, such as sending the message, calling the specified method or function from 
the knowledge basis methods. 

• The guard function g : E x S x Ports — >■ {T,F} must evaluate to true or false. 
This function defines an evaluation that must be performed when a message is 
received, to decide whether a state transition will be taken. The set E defines 
the event set of the component such as incoming events, internal events, and 
outgoing events. The internal event denotes the end of activity of the state s. 
For internal events the value of the guard function is always true. 

• The trigger function t : E x S x {T, F} — >■ S determines the state transition 
function. From the definition of the guard function it is easy to observe that for 
internal event the trigger function causes always the state transition. 

• The entry function e : S' — >■ A decides on the entry action of the component. 
An entry action is performed when a state is entered by way of any transition. 
The action set contains different component actions enable sending the messa- 
ges, calling the methods for knowledge base etc. For example the action set can 
be defined as A = { Sent- Message (■ ), Run- Method (■ ) Change -Parameter (■ 
)of-Method(- ),■■■} 

The entry function can be implemented as the decision making function, in form 
if condition then action where condition can based on the return values of pre- 
viously called method. 

• The exit function x : S — >■ A generates the exit action. The exit action is taken 
when a state is vacated by way of any transition. The exit function generate such 
as the entry function the output event and can be implemented as the decision 
making function. 



Agent interface and contracts. The agent interface is equal to so called 
Relay-Interface which is a class of input/output port references representing the 
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ports that appear on the outside of the agent Each of the port reference is defined 
as a composite of two elements: 

port = {port -name, pyrotocol template) (5) 

The contracts within the structure part of an agent class are partitioned into 
contracts involving bindings between agents and contracts involving connections 
which can be used by all agents in the system. 

Binding contracts are defined by the set of binding bilateral contracts or multila- 
teral contracts. Each bilateral contract must be created between two relay ports 
on the respective references, and each multilateral contract must be created bet- 
ween many relay ports on the respective references. The send point and receive 
points determinate the sender and receiver parameters of protocol templates. 



Agent behavior. We refer to the internal operation of an agent over time as its 
behavior. The behavior of an agent will be specified by its state transition engine 
{Behavior = State Engine), which is the complex state machine over so called 
composite states. A state of an agent represents a period of time during which an 
agent is exhibiting a particular king of behavior. The states are complex states 
aggregated from groups of the component’s states. For an agent’s component 
activity we can ordered the composite state that represents this activity. A state 
engine has similar form as the component state machine, but uses only composite 
states and incoming/outgoing messages. 

State Engine = {M, CS, Trans, Resp) (6) 



where 

• M is the subset of the union of all messages sets of components, i.e. M C 
i->{Mk\k € Kagent} 

• The set CS is the set of composite states of agent. The composite state is 
a complex state aggregated from group of the component’s states. Let St = 
U{S'fe|A: G Kagent} be the union of the all states of all components. The aggrega- 
tion relation a C St x CS composes the agent state cs from agent’s component 
states. The components states should be grouped into a composite state in the 
such a way that a composite state contains a lower level state machine of the 
component called subengine, ore exactly the composite state should be build 
from states of the one component, it means that a~^{cs) C Sk- 

A transition represents an allowed path from one composite state to another. 
Trans : M x CS ^ CS. The transition can occurred only on the such pair 
{m, cs) where if the composite state cs is created from states of k-th compo- 
nent then the message m has to belong to a messages set of this component, i.e. 
Trans{m,cs) = csnew A a~^{cs) C Sk ^ m € Mk- 

• The response relation Resp C CS x M generates the possible output messages 
connected with the composite state. The message m can be response of the com- 
posite state cs only if there exists the state s of the adequate k-th component 
which causes with help of its entry or exit functions the action connecting with 
sent the output massage m. 
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3 Execution Agent 

The first goal of the Execution Agent is to calculate the next path segment of 
robot motion depending on the type of input messages it receives. It selects the 
proper interpolation mode depending on the input message represents time tra- 
jectory in joint space, geometrical path of the effector or final pose. The functions 
for interpolation calculation can be retrieved form the knowledge base. 

The second goal is to detect conflicts by monitoring the movement sequences. 
This has to be done by creating movement vectors which are used to monitor if 
the manipulator approaches the precalculated final point of the movement seg- 
ment in a proper way. If it does not a conflict has occurred and the negotiation 
agent which is described in section 5 has to be contacted for conflict resolution. 

Similarly to all agents the execution agent composes of general and specific 
components. The general components are the knowledge management and ac- 
quisition component and the negotiation responsible component. The execution 
agent has two specific components, which are called 
o movement’s path interpolation component and 
o the conflict detection component. 



3.1 Movement Path Interpolation Component 

The task of the movement path interpolation component is calculating the next 
movement segment of the robot’s manipulator depending on the kind of move- 
ment information coming from other agents. It also has to report if the destina- 
tion point has reached, the motion of the robot was stopped or the robot is idle. 
The component performs the following functions to realize its task: 

- Decision making about path interpolation mode 

- Advance path planning 

- Perform interrupts and track preference 

- Tracing accomplishment 

Decision making abont path interpolation mode: Depending if the input 
message indicates Path, Track or Destination the message content includes a 
path specification in Cartesian space, a trajectory specification in joint space or a 
final pose specification via several points. In order to achieve the next movement 
sequence to the specified values a decision making of the proper interpolation 
mode has to take place. The methodology for computing the movement sequence 
according to the selected interpolation mode is represented in the self architec- 
ture model of the knowledge base of the action execution agent [11,13]. 

Advance path planning: If the input message indicates Detour / Abandon 
(sent by the collision avoidance component of the safety action agent which is 
described in section 4.3) the message contents includes the changes of robot 
configuration in order to circumvent an obstacle in the best way or by leaving 
the preplanned path to avoid collision with the obstacle. In the last case the 
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advance path planning has to provide robot configurations which enable the 
manipulator to finally meet the goal point of the current movement segment. 
This can either be obtained by a manipulator movement directly to the end 
point of the movement segment or by motion to a point lying on the preplanned 
path from where it can continue tracking its original path. 

Perform interrupts and track planning: If of any reason the current motion 
has to be stopped an interrupt is generated and a message indicating Motion 
stopped and the current robot configuration is sent to the other agents. 

Tracing accomplishment: If the manipulator reaches the final point of the 
path segment the message Destination reached together with the current 
configuration data is sent. 

3.2 Conflict Detection Component 

The task of the conflict detection component is to monitor if the manipula- 
tor approaches its final point in the right way. If the distance to the final point 
increases during the observation periods or the movement keeps fluttering a con- 
flict situation has occurred. The conflict detection component provides functions 
to monitor the manipulator’s movements and to recognize if conflict situations 
have arisen. Fig. 2 presents a conflict situation. After the detection of such a 
conflict the negotiator agent which is described in Section 5 is contacted to pro- 
vide a solution to the conflict In order to perform its task the conflict detection 



component uses three functions for conflict recognition. 

- Movement vectors field creation and monitoring 

- Opposite movement detection 

- Goal attainability testing 

Movement vectors field creation and monitoring: In order to observe the 
motion of manipulator, movement vector fields connecting each position of the 
manipulator on the current path are calculated within an observation period. 



Final Point 




Fig. 2. Conflict detection based on movement vectors fleld 
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They are used for analyses of the actual motion of the manipulator by the 
following functions: 

Opposite movement detection: By using heuristic computation the vector 
fields are used to detect opposite movement of the manipulator. They are several 
criteria which indicate an opposite movement, like very large angles between the 
movement vectors, vectors sums that increase too slowly, etc. They are all applied 
in order to test the current situation for conflict occurrence. 

Goal attainability testing: The other possibility of a conflict occurs if the ma- 
nipulator keeps moving away from is target during an observation period. This 
can be done by observing the distance between the endpoint of the movement 
vectors to the points of the preplanned path. If it keeps increasing the goal does 
not seem attainable. 

In both cases the negotiation agent has to be contacted in order to provide 
a conflict resolution. 

3.3 Knowledge Base and Knowledge Management and Acquisition 
Component of Execution Agent 

The knowledge base of the Action Execution Agent represents three different 
models: 

- Self Architecture Model: Here the robot kinematic model with its appropriate 
functions and methods is stored. A detailed description of this part of the kno- 
wledge base can be found in section 4.1. Besides the kinematic model a set of 
functions and methods is provided in order to calculate the interpolation mode 
depending on the input information. 

-Social Model: The social model of the action execution agent knows about com- 
munication links to other agents. It is responsible to provide connections to other 
agents, f.e. a permanent connection to the action safety agent has to be provided, 
because the safety action keeps sending information about robot configuration 
changes which must be processed immediately by the action execution agent. 
A non permanent connection to the negotiation agent seems to be sufficient, it 
only has to be established in case of a conflict detection. After conflict resolution 
the connection can be disabled. 

-Mental Model: The mental model represents a risk model which is applied in 
order to supersede path proposals of the negotiation agent. It enables the nego- 
tiation responsible component of the action execution agent to make decisions 
about tracing accuracy, adjustment of preplanned path and fine tuning of mo- 
tion after the negotiation agent has provided a conflict resolution. 



4 Safety Agent 

The safety protection agent has to provide a collision free movement of the robot 
manipulator. Similarly to each agent, this agent has two fixed components: 
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o negotiation responsible component and o knowledge management and acqui- 
sition component and two specific components: 
o danger recognition component 
o collision avoidance component. 



4.1 Knowledge Base and Knowledge Management and Acquisition 
Component of Safety Agent 

The world model. The world model of the knowledge base of the action 
safety protection agent is shown in Fig. 3. The knowledge represented here is 
the geometrical model of the robot environment [7,9]. The formal model used, 
describes the service space of the robot manipulator as triangle approximation. 
The points in the triangle net are coupled in triangle walls. The walls represent 
the data objects of the world model in knowledge base. This model is modified 
based on sensors data coming from external data bus and relay port of knowledge 
management and acquisition component. 

‘ z 



X 





Fig. 3. World model and updating procedure of action safety protection agent 



The self architecture model. The model contains the knowledge about 
construction, properties and structure of a hardware agent. The previously men- 
tioned action safety protection agent needs the knowledge of the kinematical 
properties of the robotic agent in order to decide about collision avoiding mode 
and avoiding path. Therefore the forward and the inverse kinematic models of 
the robot should be known. These models can be created in different ways using 
different formal tools as e.g. symbolic computed models, numerical models or a 
neural network based model [7,10,15]. 

The planning of the new configuration is based on computation of robot 
kinematics and is computationally expensive. Therefore it is attractive to apply 
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a neural network model of robot kinematics, stored in knowledge base of agent, 
which automatically generates safe configuration of the robot. This model uses 
a multilayer feedforward neural network with hidden units having sinusoidal 
activation functions [14,9,15]. 

The plant model of the robot kinematics is presented in Fig. 4. 




Fig. 4. Neural network modal of the robot kinematics 



4.2 Danger Recognition Component 

For preventive collision avoidance we propose the installation of ultrasonic sen- 
sors and a sensitive skin on each manipulator link and then use a neural network 
to estimate the proximity of the objects with the link of question. The resulting 
distances are compared with the local model of the robot environment to reco- 
gnize the new obstacle and with the radius of the security zone pe . The security 
zone and sensors observations are shown in Fig. 5. 




Fig. 5. Security zone of safety protection agent 



In the case when some objects disturbing the trajectory execution are reported 
via system sensors. 
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When a manipulator is equipped with many sensors and these sensors are moun- 
ted on different manipulator links the problem arises how to fuse sensors readings 
to obtain useful information. The term ’’useful information” means, for example: 
what is the distance from the nearest obstacle to the manipulator body; what 
is ’’the safety” direction of manipulator movements; what is the type of visible 
obstacle (dynamic or static)? 

The results of fusion action are vectors d = {di\i = 1, ..,n), represented the mi- 
nimal distances to objects in robot environment for each joint of manipulator . 



4.3 Collision Avoidance Component 

The task of the collision avoidance component is a planning of the safe confi- 
guration of the robot’s manipulator based on the information coming from the 
danger recognition component and from the action execution agent. To realize 
this task the component perform two general actions: 

- decides about the obstacle avoiding mode, and 

- calculates the changes of robot configuration robot, which avoid the obstacle 
in the possible best way. 

Decision making about the avoiding mode. The outputs message Danger of the 
danger recognition component involves the vector. 

d = (dj|z = 1, ..,n) 

Moreover the danger recognition component informs about the type of dange- 
rous. In a case of previously known static obstacle the message danger decrea- 
sing is send, and in a case of new static or dynamic obstacle (which was not 
known in the world model stored in the agent’s knowledge base) the message 
danger decreasing goes out. 

The fuzzy rule based system decides now if the preplanned path should be 
abandon or if the manipulator should tray to circumvent an obstacle tracing the 
assumed path. In the first case, it is happen that the obstacle cannot be avoided 
if the end effector is to pursue its preplanned path. The manipulator must now 
be moved away to give the way to the obstacle. 

In the second cases the robot must not abandon the preplanned trajectory 
and find the next collision free configuration. The second obstacle avoidance 
supposes that this position should be as near as possible to the preplanned 
path. 

To calculate the safe configuration the planner uses information from the 
danger recognition component and combines it in the inverse kinematics com- 
putation, performed by inverse calculation method from agent’s knowledge base 
(see section 4.1). 

The obstacle avoidance can be achieved by introducing the additional errors 
for each joint, i.e. the errors between virtual points pi and the joints positions 
ti{q). The virtual points are placed on the opposite side of the joint with respect 
to the obstacle (see Figure 6). 
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Fig. 6. The virtual point and security zone 



Calculation of the changes of robot configuration robot. This action call the 
inverse calculation method from the knowledge base of the agent [7,12]. 

As a result of the method, the solution of the inverse kinematics with obstacle 
avoidance is obtained. Because computations performed in the loop are initiali- 
zed with the desired positions of the manipulator’s joints (virtual points), the real 
manipulator’s configuration reflects the motion with tries to avoid the obstacles 
and perform the detour action. The Detour message denotes the state when the 
manipulator is trying to circumvent an obstacle and Detour/ Abandon message 
denotes the abandon of the assigned motion path. Deadlock message is sent when 
the environment and the manipulator seem to be static. 

The state machine of the collision avoidance component is presented in Fig. 7. 



4.4 State Engine of Safety Protection Agent 

The components states are grouped into a composite state in the such a way 
that a composite state contains a lower level state machine of the component 
called subengine. The states of the one component can be grouped in more as 
only one composite state. The state engine of the action safety protection agent 
is shown in Fig. 8. 



5 Negotiation Agent 

The situation forces negotiation only when there are conflicting goals of two 
agents. 

Situations of conflict causes at first the theoretically test of achievability of 
the system primary goal of the multiagent system. The theoretically prove of 
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Fig. 7. State machine of collision avoidance component of safety protection agent 




Fig. 8. State engine of action safety protection agent 



the primary goal achievement of the system performs the negotiation agent, 
based on its own knowledge base and different models obtained from both safety 
protection and action execution agents. 

More exactly, the negotiation agent creates current geometrical model of 
robot environment together with current position of the robot and simulates the 
robot motion from current position to the goal position. If this motion track is 
collision free, then the achievement of the primary goal is theoretically possible. 
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When a conflict situation appears but the achievement of goal of overall 
system is theoretically possible, then as the first strategy the non-symmetric 
compromise strategy will be used. 

Non-symmetric compromise strategy: The negotiation agents selects the action 
execution agent as a predestinated winner. The action safety protection agent 
should decrease its safety level so long as it is acceptable by its mental model. 
Based on simulation’s solution, the security zone of safety protection agent can 
be respectively changed. The parameter describing the range of the security zone 
will be decreasing. This change proposal is send with message Change Request 
to safety protection agent. When the risk estimation enables the modification 
of the security zone, the change is accepted. If no, the own proposal of zone 
changes is prepared by safety protection agent, and is send to negotiation agent 
with message Change Proposal. 

In this strategy only one agent, namely safety protection agent is forced to 
make changes in quality of its individual goal achievement. 

In case when this strategy of negotiation leads to the negative result, the 
symmetric compromise strategy is preferred. 

Symmetric compromise strategy: The negotiation means a compromise for both 
parties and causes a degradation of their results. Using this strategy, the nego- 
tiation agent tries to decrease the safety level of the safety protection agent and 
to change the movement path realized by the execution agent, simultaneously. 

Based on data involved in Change Proposal message, the local path of the 
motion should be changed, so that the modified security zone is obstacles free. 

If this strategy leads to the negative result too, then the global conflict is 
recognized and conflict pragmatical resolve strategy o can be used. 

Pragmatic resolve strategy: When the negotiation agent is absolutely sure that 
the achievement of the primary goal is possible, then the pragmatic resolve 
strategy leads to ignore of the goal and actions of one of the agents. In this case 
the negotiation agent decides to ignore the action safety protection agent, and 
takes over the responsibility from the safety protection agent. 

When conflict appears such that the goals of the two agent are in direct 
conflict, which has the effect that only one can achieve its goal and theoretical 
test show that the achievement of the primary goal is impossible then only the 
symmetric compromise strategy is preferred. In this case the movement path 
tray to be replanned and the security level tray to be decreased. 

6 Remarks 

The article describes the formal models of a multi agent based control system 
for autonomous robots, which can be applied for the synthesis of a complex 
control system of a hardware agents in order to provide intelligent and flexible 
behaviour in partially known environment. This formalism is demonstrated by 
the synthesis of intelligent controller of robot manipulator 
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Abstract. The problem, which was addressed in this project, was the creeping 
loss of competence of the user when using conventional knowledge based 
systems. Therefore two main points were the aims of the project. At first it 
was concentrated on using the Multi-Agent architecture. The second aim was 
the development of design guidelines for competence promoting decision sup- 
port systems. The promotion of competence was realised by offering different 
opinions about a problem to force decisions of the user. Two agents with dif- 
ferent views on the diagnosis problem were implemented. Diagnosis strategies 
and data were analysed with regard to the different views and the integration 
into the system. At last methods to measure the effect on the competence of 
the user were developed and tested. 



1 Introduction 

Manufacturing systems in production technology become more and more compli- 
cated [3]. The use of computer based decision support systems is, therefore, neces- 
sary for fault diagnosis [4]. The earlier replacement of the human expert by knowl- 
edge based systems proved to be advantageous as well as disadvantageous from the 
human point of view. For this reason knowledge based systems were applied for 
supporting the user now. This kind of usage implies however the risk of creeping 
loss of his competence. 

The promotion of user competence was, consequently, the aim of our research proj- 
ect. Design guidelines for developing competence promoting decision support sys- 
tems were deduced. This goal influenced the system architecture as well. The archi- 
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lecture of knowledge based systems did not meet well with this intention. So it was 
researched in the field of Multi- Agent-Systems (MAS) as basic architecture [2]. As 
the architecture is used for designing manufacturing systems in the maintenance 
application area, the project was a contribution to the research in holonic manufac- 
turing systems. 

It was a project of the Institutes for Human Factors and the Institute for Machine 
Tools and Factory Management of the Technical University of Berlin. It was spon- 
sored by the German Research Foundation. The project was launched in co-operation 
with the Institute for production systems and design technology of the Fraunhofer 
community. Especially the machine equipment of it’s production technology centre 
was used for the experiments. Also the experience of the maintenance staff was 
suited well for knowledge acquisition for the system. 



2 Competence Promoting Multi-Agent-System 

Point of emphasis was the usage of agent based knowledge. A multi-perspective 
view enabled the user to form his own opinion on the base of the various proposals 
given by the individual agents. Thus the user was deducing the resulting decision. 
Further point of emphasis was the distributed acquisition of knowledge according to 
the concept of Multi-Agents. To avoid the equalization of the knowledge it was 
acquired by one knowledge acquisition team per agent. This agent based acquisition 
prevented from standardizing and equalizing knowledge on an undesirable level as 
for example on the level of the lowest common denominator. 



2.1 System Design 

Essential part of the project was the implementation of a COMpetence Promoting 
Multi-Agent-System for Support (COMPASS). Application area of COMPASS was 
the fault diagnosis of CNC-machine tools. 

The implementation of the multi-agent system took the following points into con- 
sideration: 

- realization of competence promotion by offering different opinions about a prob- 
lem to force decisions of the user; 

- two agents of different views on the diagnosis problem; 

- analyzing diagnosis strategies and data with regard to the different views and the 
integration into the system; 

- self-developed methods to measure the effect on the user’s competence. 

The approach was based on the result in human factors research, that the multiple 
representation of knowledge was one of the reasons for higher performance of per- 
sons. So the working hypothesis was, that the multiple representation of knowledge 
within a system in accordance with the acquisition and use of the knowledge in dif- 
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ferent perspectives was leading to more performance and, as the cause of perform- 
ance, to more competence. Offering different opinions and different solutions for a 
problem the system enabled the user to take the last decision. 

For the first step implementation concentrated on two agents. The application area 
was fault diagnosis. Different perspectives on the diagnosis problem were modelled. 
Modelling included further different methods for fault diagnosis. So the system inte- 
grated different strategies of diagnosis to select by the system or the user. 

From the human factors research point of view the evaluation of the hypothesis 
with tests was necessary. For measuring competence methods were developed or 
existing methods were used, for example existing questionnaires. 



2.2 Competence Promotion 

Main benefits of the integration of Multi-Agent Systems in diagnosis systems were 
modulisation of machine specific knowledge and the possibility of knowledge repre- 
sentation in different views. The agent related information allowed simple extension 
and modification of existing systems. The knowledge representation in different 
views showed the machine operator different solutions and left the final decision to 
him. In contrast to expert systems, which suggested only one solution, the machine 
operator had to decide himself No loss of competence was occurred 

The professional competence was improved by the preparation of expert knowl- 
edge from different perspectives. The technical competence was promoted by im- 
proving the use of technical equipment and enhancing the necessary knowledge of 
facts and procedures. The method based competence was supported by providing 
various methods for problem solving and strategic diagnosis. Adapting working 
methods to new tasks was trained. 



2.3 System Architecture 

The Multi-Agent System consisted of deliberative, adaptive, loose coupled agents. It 
was implemented with the integrated tool suite AgentBuilder [1]. The co-operation 
of the agents were controlled through a co-operation model. Each agent had it’s own 
knowledge base, inference process and user interface. The system was equipped with 
a graphical user interface, multimedia elements and a CNC connection module (Fig. 
1). The CNC connection module supported requests from the agents to the machine 
tool as well as the transfer of asynchronous messages from the machine tool. Access 
was supported by a multimedia graphical user interface with menu-supported error- 
selection. This interface offered acoustic and visual support for the elimination of 
errors as well as the representation of data transmitted between agent and inference 
process. The Multi-Agent System for support on diagnosis activities to CNC ma- 
chine tools was not a black box with respect to the inference mechanism. The ma- 
chine operator was not only informed about the communication between the agents 
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but also about each step of the inference process. This was realized by display infor- 
mation on windows or store it in log files. 




User 

{machine 

operator/ 

maintenance 

staff) 




Fig. 1. Architecture of the Multi- Agent System 



2.4 Diagnosis 

Error messages of the CNC machine tool were received by the CNC module of the 
MAS and analysed by the agents. In addition the agents had the possibility of 
checking the state of the machine and requesting machine data. Each agent contacted 
the other agent, if its knowledge did not permit a further fault location. The language 
of the agents is based on the Knowledge Query and Manipulation Language 
(KQML) and uses the Knowledge Interchange Format (KIF). 

For competence promotion different opinions about the problem were offered. 
Agents represented these opinions. The fields of competence and the diagnosis data 

Table 1. Operations of horizontal and vertical agent 



Florizontal agent 

In accordance with functional flow 
Within electrical, hydraulic or informa- 
tional dependencies 

In physically independent neighborhood 



Vertical agent 

in accordance with component structure 
within mechanical dependencies 

in physically local neighborhood 
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and strategies were divided into two agent views. The horizontal agent was responsi- 
ble for fault location in horizontal direction. That means, for example, the agent 
operated in accordance with the functional flow (Table 1). In contrast to the hori- 
zontal agent the vertical agent worked in accordance with component structure. 

The system supports the user in his diagnosis strategies by providing adequate in- 
formation material. On the other hand, the system guides the user step by step in 
accordance with implemented diagnosis strategies. So the system executed error 
routines or delivered results of error routines of the CNC-machine. Information was 
provided in multimedia technology and included knowledge about the machine itself 
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Fig. 2. Information material 

The support of diagnosis strategies further integrated the consideration of diagnosis 
specific facts and methods like frequency of faults and deficits, historical informa- 
tion, dependent probabilities, sense perceptions, and signal flows. 



General search strategies were also necessary for example the minimal effort ap- 
proach, splitting, exclusion and uncertainty reduction. Special procedures in fault 
location were the reconstruction of errors and pattern matching of fault symptoms. 



The system supported for example the user in his diagnosis strategies by providing 
adequate information material like component structure tree, explanations of compo- 
nents or pictures of parts of the machine (Fig. 2). 



The horizontal agents offered for example the diagnosis strategy for following signal 
flows (Fig. 3, left hand side). It allowed the user to check symptoms of faults and to 
decide in each case, what fault is further analyzed. The diagnosis ended successful 
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with finding the cause of the fault. At each step the system supported the user by 
displaying measures for check and correction on demand (Fig. 3, right hand side). 
One of the diagnosis strategies of the vertical agent was fault frequency. The fault 
frequency was attached to the component. 




Fig. 3. Signal Flow 



2.5 Competence Measurement 

Development and test of methods for measuring competence promotion was of fur- 
ther interest. The professional and technical competence was measured by knowl- 
edge tests. So the increase of competence was proved by executing tests before and 
after the use of the multi-agent system. The method based competence was measured 
by carrying out simulation experiments with test persons. The test persons were 14 
students with experiences in CNC-machine tools. 

During the simulation experiment behaviors of the persons were observed and esti- 
mated based on the measured indicators. The experiment was verified by comparing 
the results of the group which used the system to a group which did not use it. The 
test ended with filling up a questionnaire concerning self assessment of the test per- 
sons. 

The experiment started with the knowledge test. Facts about the machine and proce- 
dural knowledge about strategies of diagnosis were asked for. The number of suc- 
cessfully answered questions were increased after the intervention (Fig. 4). In that 
way the competence of the persons were also increased. If the intervention of the 
system or other reasons, for example the learning effect within the test situation, 
were the cause for the development of knowledge, couldn’t be proved in this way. 
Therefore further studies are necessary. 
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Fig. 4. Knowledge Test 

During the simulation experiment the persons had be solved two tasks in fault loca- 
tion. The hypothesis was supposed, that with increasing competence the performance 
is also increased. Measured indicators of the performance were for example time and 
success for solving tasks. In Figure 5 the results are presented. The time was in- 
creased extremely. So the results were a good confirmation of the hypothesis. But the 
number of solved tasks were reduced. Before the intervention 10 of 14 tasks were 
solved. After the intervention only 7 persons finished the experiment successfully. 



It was assumed, that the tiredness of the persons at the end of the test was a possi- 
ble reason for this result. Nevertheless, all indicators of the performance together 
confirmed the theoretical assumptions. 




■ system group / before 
intervention 
□ system group / after 
intervention 



task 1 



task 2 

Fig. 5. Time for solving tasks 
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The measurement of competence was completed with filling up a questionnaire. The 
answers of the questionnaire were based on rating. The value 1 demonstrated a bad, 
10 a good result. The questionnaire consisted of different scales. The scale ad hoc 
competence and emotional load were compared for example (Fig. 6). The hypothesis 
was assumed that with increasing ad hoc competence the emotional load is de- 
creased. The evaluation confirmed this hypothesis. The contrast of the values were 
not very large, but the tend was essential. 




■ system group / before 
intervention 
□ system group / after 
intervention 



scale ad hoc scale emotional load 

competence 



Fig. 6. Questionnaire about competence 



2.4 Conclusions 

The system is planned to be applied in industry. Manufacturer of equipment are 
interested in completing new machines with diagnosis systems on base of our tech- 
nology. These are potential partners for co-operation. Supplier of machine tools are 
interested too. This is an traditional application area for diagnosis systems. For car 
industry the point of emphasis is the enlargement of competence with respect to 
social and organizational aspects. Intention of the management is the support of total 
productive maintenance. 
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Abstract. Intelligent robots are systems which process on-line a vast volume of 
information consisting of both the data and knowledge. The data gathered by 
sensors are processed making use of knowledge incorporated in the software 
modules. To explore both the data and knowledge requires to integrate both of 
them on appropriate levels. As different the data usually represent the same part 
of the world, it is obvious to speak about data fusion than integration. On the 
other hand, the software modules are usually highly specialized and 
complementary to each other. Solving the problems of relevant data fusion and 
systematic software integration seems to be a crutial aspect of the robot design 
tasks. The paper describes core ideas and principles used for software and 
system integration in the GLbot (the Gerstner Laboratory Robot) experimental 
platform, were the multi-agent approach has proved to be the very efficient one. 



1 Introduction 

Intelligent robots are usually understood as complex systems accomplishing tasks of 
mental and physical nature. As the former requires intelligent knowledge processing, 
the latter belongs to physical interacting with the environment. To achieve the required 
abilities a robot should be able: 

• to percept and recognize the environment, 

• to create and continuously modify the internal representation (model) of the 
environment, 

• to make decisions about its own activity which guarantees robot’s survival and leads 
to achieving of the given goals, 

• to influence the environment: to manipulate objects and to accomplish movements, 

• to communicate with a human operator. 

The previous description formulates three main functional subsystems of each robot 
quite explicitly. The perception subsystem is responsible for preprocessing of sensor 
data in order to recognize basic elements of the environment and for integrating the 
partial descriptions into a (more or less complete and consistent) model of the 
environment (so called a world model WM). 
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The decision-making subsystem is responsible for formulating global goals and for the 
global planning of activities to reach them. This subsystem mainly explores the world 
model created by the sensor subsystem. 

The action subsystem performs a detailed planning of actions, generates 
instructions for the motion system and directly controls the motion. Again, it explores 
the world model and exceptionally some sensor data directly (e.g. tactile information 
can be used directly for assembling - without any complex processing in the decision 
making subsystem - to improve the finest motions and to make them very accurate). 



Custom Tasks 
(Goals) 




World 



Fig. 1. Basic functional structure of an intelligent robot. Top-down position of each component 
stands for the level of abstraction. 

As the robots have been developed to work in complex environments and to behave in 
a flexible and intelligent way, various kinds of information/control feedback loops of 
different nature can be found within the robots’ architecture. This feedback explores 
different levels of data abstraction of the same data acquired by the same sensors. In 
the feedback loop on the lowest level, i.e. in the loop for solving emergency situations 
(e.g. collision avoidance), the direct sensor data are usually explored. On the top level, 
in the decision-making feedback loop, the global world model created through a multi- 
stage process of data processing/fusion is applied. 
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Each level of the feedback control requires a certain level of sensor data 
integration/fusion: The higher the feedback level, the more steps of data fusion are 
needed as a pre-requisite. 

On the other hand: The more complex the task is to be solved, the more complex 
software accomplishing various feedback solutions should be implemented. Even the 
most complicated software can be split into a number of nearly independent software 
modules. These modules can be developed, implemented and maintained in a much 
simpler way than a monolithic solution. Only one problem remains: how to efficiently 
integrate these modules. 



2 Intelligent Mobile Robots 

To demonstrate the nature of the above mentioned techniques used in robotics, let’s 
focus to a specific class of intelligent robots which are self-guided autonomous 
vehicles (SGV). Respecting the application field, the common task for this sort of 
robots is to conduct movements through 2D environments. The robot’s typical goal is 
either to reach a destination or to cover a region. All such activities are closely related 
to major functions of the intelligent vehicle: 

In the first place there is the navigation task [6] which provides the vehicle’s 
position and orientation description at any world location. The self-navigation 
incorporates data acquisition by various sensor systems and their interpretation with 
respect to the level of internal knowledge contained within an internal world model 
(WM). This results in determination of the vehicle’s position and orientation in the 2D 
world and in hypotheses of the world’s properties expressed by the means of obstacle 
occurrence [17] and [20]. 

Knowing the actual position of the vehicle at certain moment and having the 
previously mentioned knowledge about the environment, the activity planning and 
plan execution can be resolved [1] and [17]. 

Generally, both the processes - the world data acquisition and planning - are carried 
out simultaneously and they influence each other. In the case that the vehicle’s 
environment is not completely known in advance (before the execution of the planning 
task) the plan can only be estimated. Afterwards, during the plan execution and using 
interpreted measurements of the sensor system, the original plan estimate can be (and 
typically has to be) modified. 



2.1 Main Functional Parts 

From the basic concept introduced above one of the possible architectures of a SGV 
can come out comprising: Sensor data preprocessing and fusion, world model, fusion 
of different models, path planner and plan interpreter. 

The sensor processing and fusion part fulfills two basic tasks. It is responsible for 
low level preprocessing operations of the raw sensor data such as noise reduction. 
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dropout detection, etc. The methods used for information fusion range from simple 
statistical approaches to knowledge-based decision making techniques. The choice of 
a suitable approach depends in the first place on the abstraction level of information 
and on prior knowledge of the sensor response. This function results in general into 
two key functions of the robot’s internal activity: 

• A workspace updating mechanism which is responsible for overtaking long-term 
care for the global WM. 

• On-line modification of the goal-driven behavior resulting into techniques of 
sensor-based control for collision avoidance. 

Specific combinations of sensing strategies (global path planning strategies based 
on world modeling, local planning methods, border tracking strategies etc.) can be 
used for the mentioned tasks what leads to structuring of the system as shown in the 
Fig. 2. 

The world model as a whole consists of two data-storing parts, the already 
mentioned local world map(s) and the global world map and one data-handling 
system. As the local maps contain temporary data about the vehicle's neighborhood, 
they are typically attached to a particular sensor. This concept enables optimization of 
the data (it is hard to speak about knowledge here) carriers with respect to the nature 
of the sensor in question. For example the GLbot system relies on the occupancy grid 
approach here as a 2D probability (occupancy) functions enable efficient storage and 
easy fusion of range measurements. 

On the other hand, the global map contains long-term data covering the whole 
workspace. There is a plenty of concepts how to store overall knowledge. As the most 
efficient solutions to this task are strongly application dependent a useful 
categorization can be done with respect to the level of abstraction of the map content. 
From this point of view, an optimum in performance of such maps can be found for 
the data/knowledge representations which are sufficiently compressed (in the data 
quantity sense) but still do not require an obstacle recognition stage. To do the latter in 
unknown and unconstrained environments still belongs to hard-core problems. 
Sufficient level of data volume compression is mostly achieved via extraction of 
features giving a description of the workspace structure and shape. 

The scene feature finder serves the local map data understanding by means of 
search for basic entities which set up the scene description. This function controls 
updating of both the global and local maps with found scene features and provides 
adaptability to changes in the environment. 

The most common types of topological features are various approximations of 
obstacle boundaries, certain points-of-interest or specific regions. The GLbot system 
applies computationally cheap but fully functional solution using line-segment 
approximation of obstacle boundaries [10]. 

The path planner and the plan interpreter subsystems overtake responsibility for robot 
activity planning and plan execution. Although both these parts do not employ much 
of the data fusion methods we should mention the collision avoidance system at this 
point. It's linkage with the data fusion can be seen in usage of pre-processed (already 
partially integrated) data for a low-level feed-back for a sensor-based motion control. 
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Feature Extraction x Sensor 




Fig. 2.. Example of a typical data abstraction levels and the data flow diagram within a self- 
guided autonomous vehicle 



2.2 World Data Acquisition and the Sensor Subsystem 

The most crucial processing phase in the proposed robot architecture (Fig. 1) is the 
world data acquisition process. With respect to performance of the used hardware, all 
the data on the environment can be gathered within certain limits on their quantity 
and/or rate. As it provides the only links from the real world to the vehicle, it is 
evident that the data acquisition can heavily influence the final performance of the 
whole system. 

Respecting physical principles of the used sensors, more or less uncertainty in the 
measurements can be expected. 

These two facts invoke the main tasks of the sensor subsystem - data volume 
reduction and reliability improvement - by preprocessing and fusion [2]. The incoming 
information, provided by the sensors, is in a pure signal form and can be either 
directly fused, or passed to further processing. This processing stage assigns a 
semantic context to raw signal data and converts it into higher level representations. 
Useful categorization of possible qualitative levels for data representation is given in 
the following figure. 




214 



L. Preucil and V. Maflk 



1D Signals 



2D Signals 



Primitives 




Fig. 3. Multi-level fusion concept. Each level integrates information of the same nature. 

The signal level is a low level one as it usually represents single- or multidimensional 
signals. A suitable fusion method is signal estimation (filtration) which generally 
reduces the dispersion of the measured values. Fusion on this level can be used in real- 
time applications and can be considered as just an additional step in the global 
processing of signals. 

On the pixel level the 2D data (images) are created and therefore it is used to fuse 
this sort of information. The fusion can be carried out by image estimation or pixel 
attribute combination [9], [10]. An example of this can be a task of fusing edge pixels 
(pixels attributed with high gradient value), this could help to detect syntactic features 
(e.g. line segments) for WM. The fusion process increases performance in solving 
image processing tasks [4]. 

The syntactic feature (primitive) level already represents the medium level and is 
based on features which can be extracted from signals and images [5]. An illustrating 
example: a fusion of all straight-line segments with similar direction at one world 
location (feature attribute). Suitable fusion methods incorporate the methods of 
geometrical and temporal correspondence and the feature attribute combination. As 
result, the fusion reduces processing time and increases feature measurement 
accuracy. 

To be more specific: the GLbot system applies at this point two methods for feature 
extraction [9]. The goal is to interpret the data obtained from sonar measurements of 
the robot’s environment as geometric map primitives. The extracted primitives can be 
used to update the robot position and the global map. This is the process how the 
robot can explore unknown environment. The first algorithm gathers sonar 
measurements into sensor-based map and using computer-vision techniques and 
morphological operations extracts geometric description of detected obstacles. The 
other method can be applied when the border tracking algorithm is activated. This 
method uses the raw sonar data as the input because obstacle border is well detected 
during the border tracking process. 
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2.3 Sensor Sources for Multiple Feedback Loops 

Various input sensors in a multisensor mobile robot are used for different purposes, 
together setting up a perception subsystem. The perception provides three kinds of 
outputs. 

One function is to support the collision avoidance subsystem by the information on 
region occupancy. 

Another function provides the necessary data for updating of local maps which 
contain knowledge on the temporary neighborhood of the vehicle. 

As shown in the Fig. 3, some of the sensors are used to match sensor data with the 
current content of the WM and afterwards to update the content of the WM to reflect 
the matching results. The other ones serve for landmark recognition which serves for 
robot position determination. The last kind of data exploration feeds the obstacle 
detection part which is responsible for the avoidance of collisions. 

The degree of integration and fusion of sensor data required for each of these tasks 
can substantially differ. 

The simplest approach to fusion in position location is trajectory integration. This 
calculates the vehicle’s position from accumulated rotation and shift motions as 
determined by internal sensors such as an odometer and/or a gyro. Because of the 
nature of the always present inaccuracies of any sensors, the total error of position 
estimation accumulates as the vehicle moves. In order to reduce this cumulative error 
most of mobile robots periodically determine the location of some external landmark. 
Comparison of the position provided by the landmark with the one determined by 
internal sensors therefore keeps the location error within acceptable bounds. 




The WM data matching and updating task is another form of a fusion process which 
integrates particular sensor data with the world model. This requires that the sensor 
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information and any associated measure of its uncertainty corresponds to the 
representation used in the world model. Only in that case the integration can take 
place. Information from different sensors of similar nature (e.g. laser range finder, 
stereo vision) can be fused before reaching the matching task in order to reduce the 
communication flow or complexity of the matching process. 

Knowledge Handling. Nearly any entity (feature) segmented from the sensor data 
can be matched with the world model content. This can be done by matching of a 
feature derived from the sensor data to primitives obtained from the world map. The 
degree of similarity of the previous states if the hypothesis on the world state 
(primitives derived from sensor data) was a mismatch and/or uncertainty infiltrated 
from the sensor itself Frequent successful matches vote for a world model updating. 

The world model-to-sensor data matching and the model updating tasks require that 
the sensor information is self-evaluated by some measure of uncertainty. Only in that 
case some integration algorithms can be designed. 

One possible integration approach leads towards building knowledge about space 
occupancies and certainty measures in the terms of their probabilities. Another area 
for this class of methods includes usage of a voice input by a robot. This is used e.g. 
for refinement of the already discovered knowledge or it supports conversions 
between symbolic and geometric world models (model fusion) through assistance. 



3 Design Strategies 



3.1 Sensing Strategies 

The sensing strategies and namely the data fusion methods under consideration 
determine the applicability of the sketched concept of the robot. Flowever, for each 
specific goal of the navigation task, a series of particular decisions concerning: 

• particular integration of functions of the sensing subsystem, 

• data representation levels to be explored for each functionality, 

• data integration strategies (when and where to match different internal WMs?) 

should be done by the designer. The robot perception subsystem is designed to fulfill 
three basic functions, namely: 

• to match sensor data with the current content of the global WM, through which the 
local maps can be up-dated, 

• to enable the robot’s position and heading determination: a landmarking mechanism 
is used for this purpose, 

• collision avoidance in the case of dynamically changing environment. 

These functions caimot be implemented by quite independent, totally separated 
subsystems: some degree of integration of knowledge/data in the sketched 
functionality schema is, of course, required. 
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3.2 Workspace Representation and Planning Strategies 

The knowledge about the robot’s workspace is carried by the world map module 
containing the world model (WM) and is tightly bound with the global path planner. 
The WM part is responsible for storage and management of a database that stores 
primitives representing obstacles. This is called a global map and includes procedures 
which allow the other processes to conduct necessary operations with the map content. 
The most common operations are e.g. addition and removal of obstacles and/or their 
components (segments of borders), providing a list of visible obstacle boundaries from 
a given standpoint, etc. As a compromise between the data compression and problems 
appearing by extraction of map primitives, all world obstacles can be approximated by 
line segments. This simplification makes the search process for primitives (or a fusion 
of the sensor data into primitives) much easier as the model (the line segment) is 
known. 

This brings an estimated error in obstacle representation which is acceptable for 
sufficient accuracy of the navigation and planning processes. On the other hand, the 
main advantage of the chosen representation is seen in avoidance of a recognition 
process which would be needed by direct segmentation of the whole obstacles. 
Building of the world model step-by-step from border segments copes with the 
visibility feature well. This allows updating of the world model from similar sensor 
aspects in smaller portions (and does not require discovery actions like „going around 
the whole obstacle"). The global map is stored as a simple visibility graph defined on 
vertexes of obstacles. 

The planner is responsible for global path planning, e.g. it finds a free path from the 
starting point to the goal. The plaiming is done not in the configuration space but over 
the map visibility graph. Global plans consist of sequences of certain sub-goals. For 
suitable sub-goal points can serve comer points of obstacles after being slightly 
expanded to create a safety corridor along rigid borders. The plan can be generated by 
a standard A* search algorithm. 

The both threads are integrated within one module because the path planning 
method strongly depends on the used map abstraction. Further execution of the 
obtained plan is usually done in cooperation with the navigator (local planner) and a 
pilot (execution driver) which form together the collision avoidance subsystem. 



3.3 Grid Map and Local Path Planning 

This process is usually divided into two tightly cooperating threads being responsible 
for sensor data integration and local map management. 

The grid map receives measured data from the sonar system and the odometer (as 
position measurement) and integrates it into a certainty grid [10]. The second thread 
uses the grid map for local path planning making-use of the potential field approach 
[3]. The local (grid) planner receives a global path plan and serves for a first-instance 
method which attempts to refine the global plan. Reading the actual position of the 
robot the planner aims to find the safest path from the current position to the nearest 
sub-goal point on the global path. The algorithm also evaluates a measure of collision 
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possibility as a sum of occupancy probabilities along the proposed local path. The 
possibility measure is passed to the decision-making process later. It chooses between 
the local planning (sensor-based guidance) methods of the grid-based and the border- 
tracking approaches. 



3.4 Border Tracking 

The border-tracking module is the second-instance method for refinement of global 
plans during the execution. This activity is invoked after the decision is done that for 
the local planning can not be applied the certainty grid planner. This situation happens 
when the robot path is „jammed“ by an unexpected obstacle with no substitute path 
left and/or the sonar measurements are heavily ambiguous due to badly structured 
environment. 

The central idea of this approach is to trace the border of the colliding obstacle 
unless any next local sub-goal is reached on the original path. The tracer uses a range 
scan provided by the range-finder (sonar or lidar). The first step is a search for the 
nearest obstacle followed by appropriate control action that brings the robot into 
parallel orientation with respect to the obstacle border (border approaching maneuver). 
For initial direction of tracking the closest one to the original path is chosen. The basic 
idea of the algorithm can be derived from the BUG and VISBUG algorithms [12]. The 
border following process can rely on measurements provided by the distance 
measurements from the robot’s sides. Measurements in other directions serve for 
checking whether there is no smaller distance to any other obstacle than to the 
followed one. 



4 System Integration in the GLbot 

As we already mentioned, there are multiple path planning strategies used in the 
experimental GLbot [16]: the global path planning based on the global WM, the local 
path planning based on the grid map and the border tracking based on direct 
exploration of low-level data being supported by the landmark subsystem. 

The data gathered from the (changing) environment and used for the local path 
planning should be - earlier or later - automatically integrated into the global WM. If 
this is not possible, the robot will be not able to learn in the conditions of learning 
environment and thus forced to handle every new change of the environment just only 
by the collision avoidance mechanism. The integration of the local data into the global 
WM has a crucial impact on integration of the navigation process as a whole. 

This integration can be carried out - in principle - by applying one of the following 
two approaches. It is possible either to use range data and/or the grid map for 
extraction of primitives (edges and line segments) building the global WM or by direct 
matching single range scans - whenever is the collision avoidance system in active use 
- to the global WM. 
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As the former approach leads towards the application of image segmentation that has 
been found as highly problem-dependent and therefore not providing satisfying results 
here. The latter method avoids segmentation and uses the fact that an obstacle border 
becomes well determined during a border tracking process. The only task is to record 
the appropriate tracking curve and crack it into straight-line segments which can be 
immediately inserted into the world map. The collision-based updating process has 
been found as very robust. 

Another activity of the discussed module is the support of the position and heading 
updating which aims to keep positioning errors within limited bounds. This has been 
based on matching single sonar range scans with the global map. The used position 
updating is a two-step algorithm: if the match is sufficiently good (the correlation 
coefficient exceeds a certain threshold), it implies examination whether it is not very 
distant (in the terms of rotation or translation). The latter condition decreases the 
danger of dropping the method into a local extreme caused e.g. by environment 
symmetries. 



5 Functional Module Integration 

The software equipment of an autonomous robot is typically organized as a set of 
independently developed modules [16]. E.g. the experimental mobile platform GLbot 
uses more than 20 simultaneous processes. 

From the point of view of Artificial Intelligence the multi-agent approach can be 
used for software integration with advantage. 

The multi-agent architecture of the set of modules enables to make structural 
changes (like adding a new module, changing the content of some of the modules) in a 
simple way. 

Multi-agent systems (ideally) consist of a set of cooperating elements (=agents) 
which communicate among themselves in the "peer-to-peer" way using a specific 
ACL (Agent Communication Language). 

Although there is no unified, widely accepted definition of an agent, it is possible to 
identify a minimal list of basic (nearly obligatory) features of the agents: autonomy, 
ability to cooperate, and ability to learn. In the case the software modules are equipped 
with these properties, they can be considered as agents creating a multi-agent 
community. Such a community of well internally organized and coordinated agents 
exhibits a strongly integrative behavior. In the other words: The software modules 
being extended into agents can be efficiently integrated using appropriate ACL. It is 
very often spoken about the so called integration architecture provided by the multi- 
agent approach. The ACL should meet the following requirements: 

• the ACL must be general enough to enable communication among differently 
specialized agents, 

• it must be open to enable enhancement of its expressing power, 

• the ACL should make it possible to transfer different types and formats of data, 

• the ACL should provide mechanisms to transfer data processing methods that will 
execute on various computing platforms hosting the agents. 
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All the current ACL specifications are based on the idea of declarative statements 
exchanged between the agents. The commonly discussed standard for this 
communication are based on the KQML philosophy [8] or FIFA standards. KQML is, 
in fact, an external language describing the expressions that compose the ACL 
(performatives). The internal language of describing the format of the expressions is 
the KIF (Knowledge Interchange Format). KIF is a prefix version of the first order 
predicate calculus with some features added for enhanced expressiveness. The entire 
inter-agent communication mechanism is based on a domain and task specific 
dictionary of terms that are well understood by the communicating agents. 

The integration architectures usually consist of a small number of well-developed 
agents (^software modules) with a clearly defined highly specialized functionality. 
Each agent consists, as a rule, of a functional body (usually a stand-alone module with 
a well-defined functionality) and a wrapper which is responsible for agent’s 
engagement in the agents’ community (see Fig. 4). 

The wrapper recognizes and translates relevant parts of the inter-agent 
communication into the instructions for the activity of the functional body and 
mediates the results of the body activity into the agents’ community. Thus, the wrapper 
contains a representation of the agent’s behavioral model. Plenty of such models have 
been developed recently, let’s mention e.g. the twin-base model [7], or tri-base model 
[15]. 




Fig. 5 Inter-agent communication (left) and an agent architecture consisting of the body and the 
wrapper (right). 

The requirements on coordination and control in the integration architecture are 
typically very high, especially if it is aimed to reduce the volume of transferred data. 
Both the functionality and performance of a multi-agent community strongly depend 
on performance of each of the community members. The failure or loss of efficiency 
of each of the agents should be detected as soon as possible. It doesn’t seem realistic 
that each agent should identify its own suspicious behavior. This can be more easily 
detected by an independent observer. That is why there has been introduced a new 
type of agents observing and processing just the information on behavior and mutual 
cooperation of a specific group of agents inside the community. As these "higher- 
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level" agents contain and process mainly knowledge about behavior and activities of 
the other agents, they are called meta-agents or super-agents [19], 



6 Conclusions 

Many information feedback loops of diverse nature can be found within the particular 
robotics systems. These loops explore information based on sensor data gathered by 
sensors of different nature (the GLbot uses in the first place sonar, laser, odometer, 
TV camera, etc.). The raw data from specific sensors are usually pre-processed and 
then merged, fused or integrated with the data provided by the other sensors. If the 
data are gained from the sensors working on the same physical principles, it is possible 
to integrate them already on a lower level. The more diverse nature of sensor data, 
the higher level data fusion - as a part of the more global world model - is required. 

The information feedback loops used e.g. in mobile robot platforms differ in the 
tasks they are targeted at. The schematic tree of typical data fusion approaches is 
sketched in the Fig. 3, but other choices are possible, too. 

The experience of the Gerstner Lab team gathered in the development of the multi- 
agent system ProPlanT for production planning has been found useful in designing the 
multi-agent solution for the GLbot software integration [14], [15]. A simple 
agentification process converting separate modules into agents by adding wrappers 
has been applied. 

In the first version, the behavioral models (located in the agents’ wrappers) are 
surprisingly simple, but they can be significantly extended when much more 
sophisticated integration tasks would be solved. The efficiency and openness of the 
multi-agent solution was documented by different experiments when some functional 
modules (agents) were easily added or deleted. E.g., new agents as the agent for 
collision avoidance (IDA sensor-based planning) and a lidar-data based agent for WM 
updating have been added. On the other hand, the current GLbot setup enables easy 
suspension (or deletion) of old versions of agents without any danger for the GLbot 
global activities during these experiments. Of course, there are some constraints in the 
experiments, as not „to kill“ the „core“ agents which are crucial for the life of the 
GLbot (e.g. the pilot, the planner, or the local map updating agent ). 

Our experience shows that the standardization issues seem to be very important for 
software/algorithms reusability. When using a widely accepted communication 
standard (e.g. FIFA) as well as a good data organization standard (e.g. MIMOSA 
format), the exchange of software modules (agents) among different research teams 
and their simple integration into the global architectures will become quite natural. 

The integration architecture of multi-agent systems has been proven as a suitable 
scheme for integrating of software modules of diverse nature. This architecture is open 
enough to enable a systematic growth of the robot software equipment and its 
maintenance. 
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Abstract. The research activities carried out in the framework of the proposed 
paper have been directed to the development of nonlinear control techniques, 
algorithms and architectures for the free motion of robots having rigid links, 
that provide the following global control performances: global asymptotic 
stability, precision for time varying trajectory tracking, robustness at external 
disturbances, nonlinear coupling between motion axes and uncertainties of the 
dynamic model of the manipulator with drives structure, for closed-loop robot 
systems with « > 5 degrees of freedom. Thus, there is proposed a solution for 
nonlinear motion control based on adaptive control techniques. The control 
method that is proposed provides high dynamic performances for the ensemble 
manipulator - drive systems - internal transducers - controller - user interface, 
that is: high displacement speed and tracking precision on desired time varying 
trajectories, rejection of disturbances of the type: variable masses carried by the 
arm, modeling errors, measuring noise. In the framework of this paper, the 
authors designed and simulated a library of procedures, algorithms and software 
control modules to be further implemented in a generic parallel multiprocessing 
architecture, as a robot controller. In this respect, the structural design was 
directed towards VME - based bus oriented multimaster structures. 



1 Introduction 

The “motion controller" unit for robot systems is composed from two parts: 

the trajectory generator (planner), the inputs of which are represented by the 
path specifications and constraints, and whose outputs are the time sequences 
of desired positions, velocities and accelerations of the n joints of the 
manipulator: 

the trajectory controller (tracking module), the inputs of which are connected 
to the outputs of the trajectory generator, its outputs being the set of 
commands u for the n motors either as velocity signals if the actuators are 
considered as velocity-controlled generators (V-CG), or as torque signals if the 
actuators are considered as torque-controlled generators (T-CG). 

Considering that, for free motions, there are no external forces acting on the end 
effector, and neglecting the static and dynamic friction forces in the joints, the generic 

F. Pichler, R. Moreno-Dlaz, and P. Kopacek (Eds.): EUROCAST’99, LNCS 1798, pp. 224-238, 2000. 

© Springer-Verlag Belin Heidelberg 2000 
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dynamic nonlinear model of the system manipulator and drives is given by the 
equation: 

^{q)'q + C{q,q)q + ¥^q+g{q) = T , (1) 

where B(^) is the inertia matrix of the system, C(^, 4') is the matrix that contains the 
Coriolis and centrifugal effects, is the matrix of viscous forces in the joints, and 
g(^) represents the vector of gravitational forces in the system. For the plant model 
(manipulator and drives - MD), t represents the vector of commands (active torques 
in the joints) that determine a certain evolution of the (2n x l)-dimensional state 
vector [q^ q^ , where q,q are respectively the vectors of position and velocity in 
the robot’s joints. 

By extracting from B(^) the diagonal, time invariant coefficients representing the 

average joint inertia values - B , the controlled plant MD can be decomposed in two 
subsystems: 

one linear and decoupled system, having u (or t) as input and the set of 
positions and velocities q, q as output, as each component of t influences 

through B only the corresponding component of q^ (the vector of angular 
positions of motors) and hence of q, 

a nonlinear and coupled system having the set q^,q^,q^ as input and the 
signal p as output. 

When direct drive systems are used, and/or when high velocities in the operational 
space are required, considering still the effects of the nonlinear coupling p as simple 
disturbances strongly reduce the dynamic performances of the MD system, especially 
the tracking error along the imposed trajectory. 

Consequently, the motion control algorithms must rely on a certain degree of 
knowledge of the dynamic model of the manipulator: B(.), C(.,.), F^, g(.), or of its 
linear regressor model Y(.,.,.) that contains the set of pn parameters ;rthat specify the 
mechanical structure, so that they can compensate directly the nonlinear coupling 
terms between the axes. This approach leads necessarily to centralized multivariable 
nonlinear control structures. 

For this category of motion control techniques and algorithms, a real progress in 
worldwide research was possible in the last years, due to the availability of new data 
processing microstructures of high speed and storage capabilities, either at the level of 
specialized components (DSP, transputers), or at the level of new topologies of 
parallel, bus-oriented computing architectures. 

In designing the nonlinear, modular, user configurable motion controller, the 
Lyapunov design method has been used in order to determine the stability propriety in 
equilibrium points, without solving the state equations. This method is based on 
associating an energy function to the autonomous nonlinear systems that express the 
manipulator’s dynamics: the manipulator itself (its dynamic model) together with the 
actuating and transmission elements. There will be provided the condition that in each 
state of the global system, except for its equilibrium state, the energy decreases along 
the system’s trajectories until the minimum is reached in the equilibrium state; thus. 
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asymptotic stability (global or semi global) will be provided for the closed loop 
control system. 

In what concerns the main objective of trajectory tracking, the adaptive control 
structure that has been developed provides an imposed path tracking accuracy (both in 
position and in velocity), even in the presence of uncertainty situations due to: 
modeling errors, numeric computation truncations, unknown transported masses, 
noise in joint position and velocity measurements. 




Fig. 1. Multi-microprocessor parallel pipe-lined architecture for advanced motion control 

For the synthesis of the adaptive control, the authors designed a gradient - type 
algorithm for the updating of the estimates of model parameters, with additional 
facilities: 

avoiding the computation of the inverse of the estimated inertia matrix of the 
system (operation for which, in general, it is difficult to guarantee boundness, 
in the presence of model uncertainties); 

avoiding the dependence of the regressor associated to the parametric model 
on the current values of acceleration q{t ) , in order to eliminate the difficulties 
of estimation, the time delays and the important errors that appear during the 
evaluation of this signal. 
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The structural synthesis of the adaptive controller uses an algorithm that is based 
on the passivity property of rigid manipulators, which simplifies the design procedure. 
With respect to this procedure, the control law contains two terms: the first one for 
compensating the nonlinear dynamics of the manipulator, and the second one for 
providing the linear PD action. 

The utilization of this second term suggests a similitude of the adaptive controller 
with the PD one, thus increasing its robustness. 

The proposed architecture, presented in the paper contains two functional areas, 
which are connected to the VME bus: 

a centralized control zone, built around a master one-board microcomputer 
unit equipped with mathematical coprocessor that cooperates with the vision 
processor in order to generate the desired trajectory data, to compensate the 
nonlinear couplings between the axes and to adaptively update the estimates of 
the manipulator’s model parameters, 

a decentralized control zone distributed among several intelligent slave 
processors, that generate commands at the individual joint levels - the motion 
regulators, with local feedforward actions for accurate tracking of trajectory 
components for each joint. The two zones operate in parallel, in a pipelined 
configuration (fig. 1). 



2 Adaptive Control with Feedback Linearization 

Adaptive motion control uses the linear parameterization property of manipulator 
dynamics models with respect to a suitable set of parameters included in the (p x 1) 
vector 7T. 

mass of links (1 per joint - link pair (JLP)); 
components of the first moment of inertia (3 per JLP); 
components of the inertia tensor I _ (6 per JLP); 
moments of inertia of rotor i (1 per JLP); 
viscous and static friction coefficients (2 per JLP). 

The p < I3n - dimensional parameter vector ;ris constant, as its components are 
invariant characteristics of the mechanical and actuating parts of the manipulator; n is 
the number of the degrees of freedom. 

The parameterization property points out that, although the equations of motion of 
the JSDM are nonlinear, the parameters of interest such as link masses and moments 
of inertia, a.s.o., appear as coefficients of known function of the joint variables q, q , 
q ; by defining each coefficient as a separate parameter, a linear relationship results, 
so that the dynamic equations of the manipulator and drives can be written in the 
form: 



R(q)q +C{q,q)q + ¥^q + g(q) = \x = Y{q,q ,q) n (2) 



U 
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in which the regressor Y is a (n x />) matrix of known functions, having superior 
triangular form: 






0 




(3) 



where > / (1 x 13) - dimensional block matrices and n is the p - dimensional 
parameter vector. 

The choice of parameters in (2) is not unique; also, the dimension of the parameter 
space depends on the particular choice of parameters. In general, the degree of 
knowledge of the individual parameters n-^ differs; the estimate of the exact, constant 
parameter vector n will be denoted by n , and a measure of the knowledge about the 
system’s parameters will be expressed by the parameter of uncertainty n : 



K ^ K- K 



(4) 



We assume that the estimates ( B, C, F^, § ) have the same functional form as (B, C, 
F^, g) with estimated parameters, i.e.: 

^(q)q + C(q,q)q+¥^q + g{q) =Y{q,q,q)K 

with n the vector of estimated parameters. According to [1], the inverse dynamics 
control law for the system (1), (2) will be taken as : 

u = B{q)[q, + - q) + - ^)] + t{q, q)q + ¥^q + g{q) 



Denoting by ^ ^ ‘ ? l^e position tracking error, the (2n x 1) vector e: 



e = 



9 

9 



(7) 



will be taken as state vector. 

As compared with the robust control approach, which adds robustifying term = 
w, to the control law (6), in order to compensate for the uncertainty ( B, C, F^, g ) in 

the dynamic model, the adaptive inverse dynamics method leaves the nominal 
control: 



9, + ^i,9+^v9 



( 8 ) 



input unchanged, but updates at a certain rate the estimates terms (B, C, F„g). By 
substituting (6) in (3) and accounting for the model uncertainty: 

B =B- B, C =C- C, F, =F„- F , g =g- g (9) 



it results: 
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B{q)q +n{q,q)^ B (^r) + +Kp^ ] + n{q,q) 


(10) 


where for simplicity: 




= +g{q) 


(11) 


Adding and subtracting the term B {q)q in the left-hand side of (10), and in view 


of (9), it yields: 




[B(^) - B (^)l q + n{q,q) = ^{q)[ q+K^q+K^q ] 




equivalent to: 




B iq) [ ^ +Kp^ ] = B(q)q + ii(q,q ) 


(12) 


The right hand side of equation(12) is equal to Y{q,q, q)K in 


view of (5), and 


assuming that B is invertible, it gives: 




? + + Kp^ = B '(^) Y{q,q,q)n 


(13) 


By denoting: 




B'Y = 0 


(14) 


it results: 




q +Kj,^ +Kp^ n 


(15) 



Next, the error dynamics system of equation (15) is re-arranged in state-space 
form: 



q ^ q 

q = -K^q -K^q +(^ ^ 



which, by adopting the same notations for the time-invariant matrices: 






0 

K, 



I 



B, 



0 

I 



(16) 



with the positive definite proportional and derivative gain (« x «) diagonal matrices 
Kp, Kp included in A, becomes: 

e = Ae + BjO^. (17) 

Our task is to derive an algorithm for updating the estimate n of the parameter 
vector n and, by choosing a positive definite quadratic form as Lyapunov function, 
candidate to prove that the overall system is globally asymptotically stable. To this 
purpose, a symmetric, positive definite matrix P is chosen and the Lyapunov equation 
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A^Q + QA = -P (18) 

is solved for Q. The unique solution is also symmetric, positive definite, which leads 
to the following choice for the Lyapunov function candidate: 

W(e,^ Q e + ^ ^ r ^ (19) 

where F is a symmetric, positive definite (p x p) matrix. The time derivative of V 
along a trajectory of (8) is computed as: 

Substituting e from (17) in the primary above form of V , and accounting for (18), 
it gives: 

V e + Qe + T n} (20) 

In order to render V negative definite, an obvious choice for the parameter update 
law is: 

n =-r'O^B/Qe 

or, in view of (4) and because ;ris a vector of time-invariant components: 

(21) 

which makes the second term in the right-hand side of (20) zero, providing thus: 
V (e) < 0, \fe 0 , V ( 0 ) = 0, and V is negative definite along all error system 
trajectories. Hence, the system is stable in the sense of Lyapunov, i.e., the origin e = 0 
is globally asymptotically stable for the nonlinear overall system whose error 
dynamics is expressed by equation (17). 

Thus, e{t) and k (t) are bounded. However, in order to prove rigorously that the 
tracking error does indeed converge to zero, several additional aspects must be 
considered: 

1. It must be guaranteed that the function O = B'Y remains bounded, which 

requires that the estimate B (■) never becomes singular, i.e. B must be 
guaranteed to be invertible, possible by the use of projection in the parameter 
space. One way to ensure this is to impose to the estimate parameters n to be 
in compact, fixed region about the true parameters n. This implies that the 
border of the variance region for n must be pre-defined, which is equivalent 
to specify a priori the worst case estimates of the uncertainty n , sup ||^|| . If 
the parameter estimate n should ever leave this fixed region, the estimation 
algorithm should be designed to automatically set n to the boundary of the 
region [2]. 

2. From (14) it results that O depends on the acceleration ij of the manipulator, 

and in order to execute the parameter updating according to the update law 
(21), the acceleration needs to be measured, or at least evaluated indirectly by 
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resorting to analog or digital filtering techniques applied to position (and 
velocity) measured signals [q^ Y ■ Since e and n , and hence q , q and 

n are bounded, the acceleration tracking error q and hence the acceleration 
ij will be bounded by solving for ij in equation (15). Thus, e is bounded 
from (17) and from space-representation implying that e is uniformly 
continuous, and hence e — ^ 0 as t ^ 

3. Suppose that related to the error dynamics equation (17), an output function 
j = C e is defined in such a way that the transfer function C[sI-A] 'Bj is 
strictly positive real (SPR). Then, it can be shown, using the passivity 
theorem, that for a symmetric positive definite matrix P, there exists a 
symmetric positive definite matrix Q satisfying the equations: 

A^Q + QA = -P, = (22) 

which bring the update parameter law (21) to the form: 



i = r ' C e 



(23) 



where F = is positive definite. 

4. The SPR property for the transfer function C[sI-A] 'Bj also represents the first 
condition for the convergence of parameter estimates K to their true values K. 
Second, parameter convergence requires that the reference trajectory q^ 
satisfies the condition of persistency of excitation: 



m+T 

a I < j Y\q„ q„ q^Y (q„ q„ q,)dt < (3 I 



(24) 



for all where a, (3 and T are positive constants. Such a trajectory q^ is 
considered to excite sufficiently the dynamic response of the system, so that 
the effects of the various parameters can be distinguished and can be used as a 
part of a "learning" algorithm to identify the system parameters, which can 
then be used in an inverse dynamics control law for tracking of any trajectory 

[9]. 



By exploiting the passivity of rigid dynamics, states that the mapping from the 
joint torque (input controls) u to the manipulator velocities q is passive, i.e., there 
exists (3 > 0 such that: 

"r (25) 

jf(^)T(^)d^ >-H(0) = -13 
0 

H( ) being the total energy of the manipulator at the current time, it is possible to 
derive more elegant and robust passivity-based adaptive control algorithms for 
manipulators. Such control algorithms, including the adaptive parameter update 
mechanism, are simple to design and implement as compared with the one above 
described. 
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Slotine and Li developed such adaptive control algorithms [7] based on a different 
approach as compared with that of inverse dynamics in the sense that, even with exact 
knowledge of the parameters, the control law does not linearize the equation of the 
motion of the robot. 

This approach overcomes the main drawbacks of the adaptive inverse dynamics 
control previously described in that it does not require any measurement or estimation 
of the manipulator acceleration ij , nor does it require inversion of the estimated 

inertia matrix B , thus making unnecessary the a priori specification of the variance 
domain for the parameter uncertainty n . 

The passivity based control algorithm will be first presented in the case of perfect 
known parameters: n= n. 

Given the dynamic equation of the manipulator and drives system: 



'&{q)'q + C{q,q)q + + g(^) = u (26) 

the choice for the inner loop control is now: 

« = R(q) V + [C{q, ^ ) + FJ v + g(^) + K„ r (27) 

where v and r are defined, in view of ^ ^9^-9, as follows: 

q^ + Aq (28) 

r = v - q = q + Aq 



with Kp, A diagonal matrices of positive gains. The term r introduces a linear PD 
action on the tracking error q ; as for the input v, this one weights the contribution 
that depends on velocity not only on the vase of the desired velocity q^ (t), but also on 
the basis of the position tracking error q (t). 

Substituting (27) into (26), and accounting for (28) and (29) it gives: 

B( 9 )( V -q) + [C{q,q) + FJ (v - ^ ) + K„ r = 0 (30) 

equivalent to: 

^(q)r +[C(^r,^) + FJr + K„r=0 (31) 

where, from (29), v - q ^ r . Taking as state-space vector for the system the error: 

? KRl (32) 

q+Aq r 

the choice of a Lyapunov candidate function that covers the entire system state e, will 
be: 

V(e) = Y(q ,r)= / B(^) r+ ^ ^ M q 



( 33 ) 
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This quadratic form (33) ensures Y{q ,r) > 0, ^ q , r 0 and V(0,0) = 0, that is V 

is positive definite for a positive definite (n x n) matrix M. The time derivative V of 
V along the trajectories of the system (31) is: 



y = r B(^) r + ^ r B (q) r + q^ yV q 
Substituting B(^) r from equation (31) into equation (34) gives: 

V = 1 r" [B (^) -2C{q,q)\ r - i [F^ + KJ r+ ^ M q 

and by exploiting the skew-symmetry property of B - 2C: 

V = -r^F„r-r’^Kj,r + q 

Using now the definition of r in equation (29), after some algebra , it results: 
y = -r¥^r- q^K^q - q^ AK^Aq + ^^(M-2AK„) q 



(34) 



(35) 

(36) 



In order to render V negative definite, and in view of the negativeness of the first 
three terms in the right -hand side of equation (36), a convenient choice for M is: 

M = 2AK„ (37) 

for which V has the final expression: 

y ^-rF^r-q^K^q -q^AK^Aq (^8) 

with V (e) < 0, Ve 0, V (0) = 0. It follows that the origin (q = 0, r = 0) of the 

state-space is globally asymptotically stable. 

Moreover, from equations (33), (34) and (38), r is a bounded square integrable 
function, and from the definition (29) for r, it follows that e and e are bounded, and 
e ^ 0 as t > oo. From the system dynamics (3 1), r is bounded - which implies that r 
and hence V are uniformly continuous. Therefore, r converge to zero, which further 
implies that e 0 as t 

The previously obtained results will be used now to design a control law that is 
adaptive with respect to the vector of parameters ;r. It is considered that the estimate 

n of the parameters of the computational model ( B, C, F„ g ) of the robotic dynamics 
differ from the exact set n, i.e., there exists a nonnull parameter uncertainty n 
reflected in the model uncertainty (B, C, F,, g ) according to equations (9). Then, the 
control law is chosen as: 



«= B(^)v + [C(^r,4') + F> + g(^) + KDr = Y{q,q,q,v,v)n + K^r 



(39) 
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Because v ^ q^ + Aq , the regressor Y does not depend on the manipulator 
acceleration ij , but only on v , that is on the acceleration of the reference trajectory 

q j, and on the velocity tracking error q ; this avoids problems related to acceleration 
measurement or indirect evaluation by velocity filtering. 

Substituting the control input u of equation (37) into the system equation (26), 
gives by a similar procedure as above: 

B(?) ( V -^ ) + [C(q,q) +FJ (v-^ ) + K,, = 

B(^) V + [C(9 , q) + F;]v + g(q)= Y(q,q,v,v)^ 

equivalent to: 

B(q)r +[C(q,q) + ¥^]r + K^r= Y(q,q,v,v)^ (40) 

The Lyapunov candidate function will be modified, as compared to the choice in 
equation (33) and in view of the result obtained in (37), to the form: 

It ~t ~1~t~ (41) 

Y(q ,r,n: )^ — r B{q) r+q AK^ q + — n: T tt 



with r a symmetric, positive definite matrix. For this new function, the time 
derivative of V along solution trajectories becomes: 



V ^rB(q)r + 



1 

2 



/ B (^) r + 2 ^ AKj, q + T n 



(42) 



One substitutes B(^) r from equation (40) into equation (42), and exploiting the 
skew symmetry of (B -2C), after some algebra, it results: 



- q^ AK^ A^ + \T k + Y^{q,q,v,v) r ] 



(43) 



The adaptation law for the estimate n of the parameter vector is chosen so that the 
last term in the right-hand side of equation (43) vanishes, i.e.: 



n =r' Y^(q,q,v,v)r 



(44) 



in view of equation (4) and of n being constant. This choice for the adaptive 
parameter updating law leads to: 

Y =-r¥^r-q^K^q -q^ A\L^Kq <^^ 5 ) 

for which V <Q,\/q,ri=Q, and V = 0 for ^ = r = 0. The error trajectories globally 
and asymptotically converge to the origin e = 0 ( ^ = 0, r = 0) of the state-space e = 

[ q ^ rf which implies convergence to zero of ^ ^ and boundness of n . 

Fig. 2 represents the block scheme of the adaptive feedback linearization control 
with PD action. 
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Fig. 2. Passivity-based adaptive control with PD action 
It can be recognized that the adaptive control law that has been designed: 
Y{q,q,v,v)7i +K^{q + Kq) 
highlights the following actions: 

an adaptive feedback linearization that uses the term Y n for compensation 
nonlinear dynamic effects; 

a stabilizing PD control action exerted by the term r on the trajectory 
tracking composite error: q + Kq . 



The global adaptive feedback uses parameter estimates n that are updated by an 
adaptive law of gradient type (44) to their asymptotic values K. 

A number of refinements to this basic approach have been proposed. Using, for 
example, the reference trajectory instead of the measured joint positions and 
velocities in both the control and parameter update laws: 



with: 

n =r‘ Y^{q^,q^,qj) {q +Kq) 



(48) 



it is possible to obtain: 

exponential stability of the tracking error in the case of known parameters; 
asymptotic stability in the adaptive case of computed parameter estimates; 
convergence of the parameter estimation error to zero under persistence of 
excitation of the reference trajectory. 
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The passivity-based adaptive motion controller can be generally formalized with 
the following generic control law and adaptation law: 



H = B (/?) V-I- [C{p, Pi ) + F J \Z-I- g(p) -fKp£- + KDi/-i-K, \\ef y 



(49) 






(50) 



where: 



r ^ q + Aq with q ^ q^ - q and A diagonal matrix of positive gains, no- 
necessarily time-invariant; 

B (.), C (.,.), F g (.): estimated counterparts of the components (B, C, F^, g) 
of the manipulator dynamic model; 
r is a (p xp) positive definite matrix of adaptation gains; 

Y(.,.,.) is a (« X p) regressor matrix of known functions for the manipulator 
dynamic model; 

p, Pj, V, V , e and v are signals that depend on the particular passivity-based 
adaptive controller to be used. 

It must be pointed out that the adaptation law (50) for parameter estimate updating 
is of gradient type, driven by trajectory tracking error. 

As for the control law (49), two parts can be distinguished: the first one (containing 
the first three terms in the right hand side of (49)) is responsible for compensating the 
non-linear dynamics of the manipulator, while the second one (containing the last 
three terms in the right hand side of (49)) represents a linear PD action. 

The fact that the parametric error n depends both on the tracking error q and on 
the prediction error q motivated Slotine to propose as alternative adaptation 

mechanisms the so-called adaptation law of composite parameters [8]. These laws 
extract information about the true parameter set from the prediction and tracking 
errors, and have the form: 

K = r'(t) { Y’'(^, q,v,v)r + W^(^, ^ ) R 

where R = > 0 is a weighting (« x n) matrix. This weighting matrix will be used to 

evaluate at what extended influences the prediction error in the composite law (51) 
with respect of the tracking error. 

In order to generate the matrix F(t) of adaptation gains, various techniques can be 
used. The most general algorithm is the cushioned-floor method [8] : 

r'(t) = a{t) {r'(0 - r-'(0 k„ r’(0} - r’(o Yffq, q ) r w(^, q ) r’(o (52) 

where: 



r‘(0) = r'\o) = 0; 
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- k, = k;>o 



- a(t) = a„ 



ElM' 

ko 



a„ > 0, k„ > 0 is a variable omission factor. 



This method allows to impose an upper-margin to the adaptation law, of the form 



3 Conclusions 

The approach that has been considered in the research refers to the category of 
nonlinear, multivariable control, with original contributions in the following respect: 

1. Development of a robustifying algorithm for the linear stabilizing control in 
robust control structures, by using Look-Up-Table correspondences, off-line 
computed, and dependent on the joint space configuration. 

2. Development of an adaptive control algorithm based on the passivity property 
of rigid robot systems, having a new adaptive law of gradient type with 
dependence on the parameters of the desired trajectory for updating the 
regressor model parameters k. 

3. Development of multiprocessor control architecture with acceleration of the 
feedforward centralized compensations for the nonlinear coupling between the 
first three principal axes of the anthropomorphic and SCARA-type robots. 

It can be observed that, unlike for inverse dynamics controllers based on feedback 
linearization, in passivity-based adaptive controllers the adaptation loop affects the 
compensator Y(. of the nonlinear dynamic model as long as it does not interact 
with the feedforward loop. 

Another useful feature of passivity-based adaptive controllers is their reduced 
computational effort, which makes them particularly attractive for implementation 
purpose. 

The passivity of the adaptive controller can be interpreted like follows: due to the 
presence of the gradient-type adaptation law the closed-loop system can be 
decomposed in three interconnected blocks, as represented in the Fig. 2. One of them 
- the parameter updating adaptive law - is passive, as results from: 

T 

(- Y(.)^, r) ^ - j (Y(.)^(^))V(^)d^ 

0 (53) 

= > - 1 F(0)r^(0) =-p(0) 

i dt 2 

in view of equations (50), (4), and const. 

As a concluding remark, the research and design activities that are presented in the 
framework of the paper aim to produce a complete documentation for the future 
implementation of a powerful, generic robot controller to be used as research platform 
for advanced robot control. 
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Abstract. An approach to the mobile robot path planning among 
heterogeneous regions is presented. Proper weight factors are associated with 
the regions of different kind (rock, sand, grass) to characterize the amount of 
the difficulty required to travel through that particular region, as compared to 
traveling over a flat, smooth surface (corresponding to a minimum weight). The 
weighted regions are represented in the form of modified matrix quadtree. The 
technique of distance transform is extended to the weighted regions and applied 
to the robot path planning. Illustrative examples are included. 



1 Introduction 

Application areas of robots in flexible manufacturing and assembly systems but also 
in agriculture, forestry and other services demand use of intelligent robots. Planning a 
collision-free path is one of the fundamental requirements for a robot to execute its 
tasks [1]. The objective is to navigate the robot from its start position to a goal 
position in the presence of a given set of obstacles and not to collide with any of 
them. In the standard path planning approaches all the obstacles in workspaces are 
assumed to be impassable (solid). 

Much work has been done on solving the path planning problem between distinct 
locations in an environment with impenetrable obstacles. However, not all 
applications can be treated in this way [2]. Such an example would be the path 
planning for a mobile robot traveling over various terrains. The terrains may include 
regions that are indeed inaccessible (such as rocks), but may also include regions that 
just slow the movement down (such as sand, grass). Such regions can be modeled by 
assigning a particular weight factor to each of them. The weight of a region represents 
the amount of the difficulty or loss required to travel through that particular region, as 
compared to traveling over a flat, smooth surface (corresponding to a minimum 
weight). 

Using quadtree representations [3] in mobile robot path planning in many 
applications may simplify the algorithms, because large areas of obstacles or those of 
free space can be represented by small number of square blocks with different 
dimensions [4]. The matrix form of quadtree enables compact description of the scene 
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with weighted regions. This is used in the presented approach to the path planning 
among weighted regions. 

The proposed approach is based on the distance transform technique and uses an 
artificial path planning wave to efficiently search the quadtree in order to find the 
weighted shortest path. The wave is used to compute a weighted distance transform of 
the quadtree for a given goal position. The weighted length of a path through such a 
region is determined by the distance of the path (in the chosen metric) times the 
weight of the specific region. Then from any starting point in the environment, the 
shortest path to the goal is traced by following the path of steepest descent. The 
sequence of free region quadrants includes at least a collision free path of the mobile 
robot. The weighted distance transform of the quadtree can be effectively performed 
using the recently proposed repetitive neighbor finding strategy [5]. 

First, the so-called matrix quadtree is described and modified for the representation 
of mobile robot environment, which is heterogeneous. Then the distance transform 
map is extended for quadtrees with weighted regions and the algorithm for path 
planning will be described. Finally, illustrative examples show the path planning 
results. 



2 Quadtree Representation 

A quadtree representation of a binary image is a tree whose leaves represent square 
areas or quadrants of the image and are labeled with the color of the corresponding 
area, i.e., BLACK, WHITE, or GRAY (both black and white). The quadtree R 
corresponding to a (2^ x 2” )-dimensional binary image can be characterized as a 
column vector of all the GRAY node descriptions [6] 

R=[P,P„ (1) 

where L is the number of GRAY nodes. A GRAY node at level k of quadtree 
representing a (2‘‘ x 2‘‘)-dimensional region can be described as an ordered quadruple 

p. = (Q„,Q.,Qb,Q.4), (2) 

where Q^, m = 1, ... , 4, denote its four children at level k-1. 

If is a leaf or terminal node, its value can be assigned one of two distinct non- 
positive integers for the corresponding color; e.g., it is proper to use 

[- w for BLACK quadrat, 

Qim =< 

[ 0 for WHITE quadrat. 

If is a nonterminal node, there must be a quadruple later in (1) describing the 
corresponding quadrant. Hence, it is appropriate to substitute 



Qim ^ r, for GRAY quadrant. 



(4) 
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where r = 2,3,..., refers to the position (row) in vector (1) where the quadruple 
corresponding to this GRAY quadrant is described. As the quadruples (2) consist of 
four integers, the quadtree description (1) is an (L x 4)-matrix, consequently the name 
"matrix quadtree". The matrix quadtrees are minimum and top-down descriptions of 
binary images. 



3 Weighted Regions 

A quadtree is a recursive decomposition of a 2D environment into uniformly sized 
regions. The nodes of a standard quadtree can be classified according to the above 
definition as either (i) free nodes, representing obstacle-free areas; (ii) obstacle nodes, 
representing regions full of obstacles, which cannot be traveled through; or (iii) mixed 
nodes, representing regions of both obstacle and free space. 

An important feature of matrix quadtree description is that the substitutions for 
terminal nodes given by (3) can significantly extend the informational content of tree 
representations. Besides their main role, to give information on the shapes and 
locations of 2D regions or objects, they allow to store further relevant information on 
areas considered. Namely, different negative integers can be used to distinguish 
among more objects in a scene represented by one tree, to assign colors, labels for 
connected areas, to store distance data, or another information related to the 
corresponding nodes. 

Hence the matrix quadtree description is proper also for effective representation of 
a scene with weighted regions. Different negative integers can be used to assign the 
weights of given regions. We can define: 



- w for weighted regions, 



Qim = <^ - 1 



for free regions, 
for forbidden regions, 



(5) 



where w > 1, for the matrix quadtree representation of weighted regions. 

For example, the 2D scene in Fig. 1 is described by the matrix quadtree given in 
Table 1. In this matrix, appearance of a positive integer, say r, means that the 
subquadrant associated with the given column is nonterminal and is described in the r- 
th row of matrix. All negative and zero entries denote terminal nodes, i.e., O’s denote 
the forbidden regions (C) (impassable or solid obstacles), -I’s are for free regions 
(weight 1), -2’s and -3’s are for the regions with the weights 2 (A) and 3 (B), 
respectively. 
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Fig. 1. 



Table 1. 
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4 Distance Transforms 

Distance transfomis (also known as distance maps) have been used in robotics for a 
variety of path planning and collision-avoidance applications [1], A distance 
transform is the minimum cost to reach a particular location from a starting position. 

Computational implementations of these distance maps invariably involve 
discretized of grid-based representation of the domain over which the distance map is 
defined. This distance map is represented in an array with each pixel containing an 
integer representing the distance between it and the given goal pixel. A main 
drawback of such discretized representations, however, is the large amount of 
memory required to store it. Larger spaces and/or finer resolution, of course, increase 
this usage exponentially. 

A more memory-efficient method than a raw binary array is the quadtree data 
structure [3]. The distance transform for a quadtree can be defined as a function/map 
that yields for each free quadrant in the tree the distance (in the chosen metric) to the 
quadrant containing the given goal point G. 

The quadtree distance transform uses an artificial wave starting in a given quadrant 
G to efficiently search the quadtree in order to find the shortest paths to other 
quadrants. Note that the wave is not an actual physical wave but an artificial 
computation technique. The wave propagates outward from G. The boundary of the 
propagating wave at any point in time is called the wavefront. It encloses the area that 
has been searched by the wave at a particular point in time. When the wave assigns a 
distance transform value to a particular quadrant, that quadrant is said to be covered 
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by the wave. If all the free quadrants are covered, the transformed quadtree can be 
used to find the shortest path from any free quadrant to the quadrant G. 

The essence of most methods for computing distance transforms is to approximate 
the Euclidean distances between pairs of pixels by propagating distance information 
locally and adding increments that represent distances between neighboring pixels [7], 
[8], [9]. In the case of quadtree representation the distance transform is computed 
rather at squares of different size than at pixels [10], [11], [12], Therefore the 
definition of distance should be oriented to the nodes of quadtree and to the type of 
neighborhood chosen. 

For the sake of simplicity, the neighbors in 4 main directions will be considered 
only, i.e. the pairs of edge neighbors in the horizontal and vertical directions. The 
distance between two neighboring nodes of quadtree can be defined in different ways. 
In this paper the distance corresponds to the size of neighboring node, hence the 
distance transform maps the sum of neighboring nodes’ sizes from the reference/goal 
node (quadrant) to the respective one. Hence the global distances in the scene are 
approximated by propagating local distances, i.e., distances between neighboring 
quadrants. 

To illustrate the process of quadtree distance transform, assume the reference 
(goal) node is the uppermost one on the left of the scene in Fig. 2. It is reasonable to 
associate/map its size (8) as the starting value of following transformation. Then for 
its two edge neighbors the values are computed as increments to the starting node 
value, i.e., 8 + 8, and so on. Naturally, the incrementation is performed only once for 
every node. 



□ 4 8 12 16 20 24 28 32 36 40 44 48 




Fig. 2. 



The distance transform computation algorithm requires to examine the four 
neighbors of each free node. This can be effectively performed using the recently 
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proposed repetitive neighbor finding strategy [5], It is worthy to note that the 
neighbor finding algorithm used in this case can cope also with the neighbors of 
nodes with smaller sizes. 



5 Weighted Distance Transforms 

Let a path P from S to G (the positions of the start and goal) consists of a sequence of 
line segments (pj);, p,P 2 , ... , Pg.iPg), where p^ and p^ are the positions of S and G, 
respectively. Let L(a,b) denote the unweighted path length between locations a and b 
(i.e., through a region with a weight 1) corresponding to the sum of the lengths (in 
some metric) of the line segments making up the path. Let w(R) be the weight of a 
particular region R, where 0 < w(R) < oo. The term weight and cost, when referring to 
a particular region, will be used interchangeably throughout this paper. The weighted 
length of a segment cd in R is defined as L(c,d)*w(R). Thus, the weighted length of a 
path P from G to S is simply the sum of the weighted lengths of the line segments 
making up P. Of all possible paths from S to G, the path of minimum total cost 
corresponds to the weighted shortest path between the two locations. There can be 
any number of weighted regions in the workspace, and each weight can be of any 
nonnegative value. 




Fig. 3. 

The weighted distance transform can be converted into the quadtree representations 
by copying the above ideas. If the distance wave reaches a quadrant with weight, then 
the increment added to the previous value is simply multiplied by this weight forming 
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the weighted local distance. This can be seen in Fig. 3, where the first quadrant of a 
weighted region has been reached. If the weight factor of this region is 2, the 
corresponding distance increment has to be multiplied by 2, therefore this node gains 
the transform value 20+2*4=28. 

In this way the weighted distance transform of the whole workspace can be 
performed. Naturally all the weighted regions are included into the distance transform 
except the forbidden ones. Note that in the case of weighted path planning the start 
and/or goal points can be positioned also in the weighted regions. 



6 Path Planning 

In the case of general weighted region, the robot environment is partitioned into a set of 
regions, each of which is associated with a given weight factor. A path through a 
weighted region assumes a cost that is determined by the defined distance of the path in 
that region and that region’s weight factor. 

We are interested in generating a shortest path between two distinct locations in an 
environment consisting of weighted regions. We base the optimality of the weighted 
path on the above mentioned definition of distance and the weighted distance 
transform of all the free and weighted regions. 

Let the robot’s 2D environment (workspace) be represented by a matrix quadtree 
using substitutions (5). It means that all the weighted regions are marked by the 
weight factor (with minus sign), free regions have the factor 1 (in the matrix -1) and 
the forbidden areas are assigned as 0. 

Given the goal (G) point in the workspace, first we determine the corresponding 
quadtree leaf node G, representing the region of the space containing this point. For 
this goal node G the weighted distance transform of workspace is performed in the 
way described above. It consists of marking every free or weighted node with its 
distance or weighted distance from the goal node. The matrix quadtree enables direct 
storing of these extra data as they can be put into the corresponding matrix entries as 
integers with minus sign. Now, from any starting point in the environment, the 
shortest path to the goal can be traced by following the path of steepest descent. 

Beginning with the node corresponding to the start point S, the transformed 
quadtree representation is used for finding an optimal node adjacent to the node being 
processed, i.e., the neighbor node with the least distance value is chosen as optimal. 
This distance optimal node is included into the path list. The process continues with 
searching an optimal neighbor for this node and is repeated up to reaching the 
neighbor node identical with the node G. 

The result of applying the proposed algorithm to the transformed quadtree 
representation of workspace is the list of nodes from the quadtree that determines a 
sequence of adjacent free or weighted squares (ordinarily of varying sizes). This space 
includes at least one weighted shortest path between the start and goal nodes, passing 
through free and weighted regions. If desired, an optimal path through these squares 
can be computed. 
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Fig. 4. 




Fig. 5. 
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Fig. 6. 
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Fig. 7. 



Now some computer simulation results of solving the path planning in different 
weighted robot workspaces are presented. In the first example the 2D scene has been 
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considered according to the Fig. 4. If the region A is associated with the weight factor 
2, the distance transform optimal path passes through this region as it is shown by the 
dotted line between the start point S and the goal point G. However, if the weight 
factor of the region A is 3, the resulting path will bypass this region as it is shown in 
Fig. 5. 

In the second example the 2D scene with more objects is presented - Fig. 6, where 
the regions A and B are assumed to have the weight factor 2 while all the other 
regions are forbidden. The resulting path between the quadrants S and G is drawn by 
the dotted line. The path passes through A and B. However, if the weight factors of 
regions A and B are 3, the resulting path bypasses these regions as shown in Fig. 7. 

Finally note that although the resulting paths are not so optimal as in the case of 
more elaborated methods [2], nevertheless the computational efforts by this approach 
are not so extensive and the results are satisfactory. And also, an extension to 8- 
neighbor case can improve the optimality of path planning. 



7 Conclusion 

The hierarchical nature of quadtree representation makes it popular in mobile robot 
path planning because it is very efficient for representing large areas of obstacles and 
free space. This has been extended to the representation of scenes with weighted 
regions. For such representations the distance transform has been introduced to form 
the basis of effective path planning in terrains with different types of obstacles. 

The proposed path plaiming approach requires less computational effort, as always 
the largest parts (quadrants) of the free space or weighted regions are investigated. 
The distance transform of the robot workspace (based on the new neighbor finding 
strategy) can be performed very quickly. Computer simulation results of solving the 
path plaiming in different weighted robot workspaces illustrate the proposed 
approach. 

The presented weighted region path planning for mobile robots can be used for 
different heterogeneous environmental terrains. Naturally it can be simply extended 
for the 3D cases, assuming octree representations. 
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Abstract. The article describes construction of a mathematical model 
of a robot The method is based on a matrix calculus. The advantage of 
the described method is in unified approach which allows systematic con- 
struction of mathematical model of mechanical part of a robot together 
with its electrical drives. Matrix engine of the MATLAB-SIMULINK 
then allows easy simulation of the complete robot. The article also dis- 
cuss classical way of model construction and gives its comparison with 
the matrix approach. 



1 Introduction 

It is well known that the realistic mathematical model of an industrial robot 
is a complicated non-linear system. Until now, methods for modelling of robots 
and design of their control systems were rather complicated. The aim of this 
paper is to show that the above mentioned problem could be simplified with the 
use of MATLAB-SIMULINK^ software. MATLAB which stands for matrix la- 
boratory is a well known computing environment for high-performance numeric 
computation with matrices. SIMULINK is built on the MATLAB numeric com- 
putation system, offering to the analyst and/or designer immediate access to a 
comprehensive selection of mathematical and engineering techniques for further 
analysis of an investigated dynamic system. The advantages of the software are 
shown in this article on example of a robot modelling and simulation. 



2 Classical Model 

The mathematical model of the mechanical part of the robot is generally ex- 
pressed in the form of a set of differential equations which are usually written in 
matrix form: 



H{q)q + h{q,q) = T (1) 

^ MATLAB and SIMULINK are registered trademarks of the MathWorks, Inc. 
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Fig. 1. Kinematic scheme of a manipulator 



E.g. for very simple planar manipulator from Fig. 1 the equations are, [1]: 

(to + 2 7713 h h cos q2) iji + (m3 ll + rri3 I3 l\ cos 92) 92 — 

- TO3 Z3/1 92 (92 + 291) sin 92 = Ti 
(to3 + TO3 ?3 li cos 92) 9i + TO3 ?3 92 + TO3 I3 h ql sin 92 = T2 

TO = TOi + TO3 Zj + TO3 



Knowledge of dynamic model of mechanical part only is not sufficient for 
control synthesis. One must know also model of actuators which develop driving 
torques and forces. General dynamic model of a simple DC drive is described in 
state variable form (3) and matrix form (4). Torques and forces from (1) and/or 
(2) can be considered as disturbing (reactive) forces acting on individual drives 
of course via gearing. That is why coordinates q of the manipulator, coordinates 
0 m and ujm of drives, torques T of the manipulator and torques M of the drive 
are related by gear ratio N, see eq. (5). 

^mk ^mk 

^mk — [Cm ^mk ^mk) / 

'i’k — T (^fc CeUJmk 



t" !Y 



(4) 



where 



^mk — [ 0 mk ^mk '^k] ; 0 mk — qkt ^k — Rk/R^ki ^ — I5 2 (5) 
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Denoting state vector of the complete system = [gi coi i\ <72 ^2 *2]^ 
where ui means velocity of respective joint co-ordinate we can substitute from 
equations (2) and (5) to equations (3) and write complete equations of the robot 
(manipulator with drives) in form 

qi = ui 

LOi = {Crail - NBraOJl - ^ [(m -|- 2 m3 /s /i COS ^2) -|- 

+ (m3 ?3 -|- m3 ^3 ^1 COS <72)^2 ~ ^3 ^3 ^lW2(w2 2wi) sin (72) 

11 = y^(ui - CeNuJi - Rii) 

(6) 

92 = OJ2 

d>2 = (Cm*2 ~ NBmt02 ~ [(m3 + m3 li COS 92) -|- 

+ m3 ?3 UJ2 + W3 ^3 sin 92]) 

12 = y^(u2 - CeNuj2 - R12) 

While equations for g, i are ordinary state equations the other two equations 
for Lo are not true state equations and create ’’algebraic loop” which should be 
resolved to bring the equations to form 



w = /(Xr) 



(7) 



Fortunately the algebraic loop is linear with respect to Co and can be rewritten 
in form 



Co\ — A.\Co\ -\- B\Co 2 C\ 
OJ2 = ^2^2 + B2OJ1 C2 



(8) 



where 



Ai = - j^2j (w + 2m3^3^iCOS92) 



Si = - 



N^Jr 



-(m3 l\ + m3 h h cos 92) 



Cl — [Cmil — NBmOJl -\ — W2(W2 + 2 OJi) siu(72] 



(!•) 



S2 = - 



N'^Jr 



-(m3 I3 -I- m3 I3 h cos 92) 



^ 1 mzhhuJi . 

C2 = -j^-J-{Cml2 - NBmL02 SlU (72 ) 



N 
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Solution of equations (8) gives us rather complicated state variable equations 

— A2C1 + B1C2 + Cl 

(jJ-\ 

A1A2 — A\ — A2 + 1 — B1B2 

(10) 

— A1C2 + C *2 + C1B2 
A1A2 — Ai — A2 + 1 — B1B2 

which can be used for classical modeling of the robot. Of course situation will 
be much more complicated for manipulator with greater number of degree of 
freedom. 

3 Matrix Model 

Matrix access to robot modeling is discussed in [2]. Considering equations (6) 
and relation (5) one can write model of a drive in form 

Xfc = AfeXfc + bfcMfc + ffcTfe (11) 

where x^ = [q^ LOk ikY' individual matrices are 



ro 1 0 1 ron r 0 1 




Model of both drives together can be written again in matrix form 

Xr = ArfXr + BdU + FdT (13) 

where complete state vector of the robot x^ = [x^; xj]^ and matrices Kd-,^d 
and Fji are diagonal block matrices consisting of the respective matrices of in- 
dividual drives, thus 

Ad = dia5(Ai, A 2 ), 'Bd = diag{hi,h2), Fd = dmg(fi, £ 2 ) (14) 

The vector of joint co-ordinates q may be obtained from the complete state 
vector with the help of multiplication by a separation block matrix = diag(kg), 
where = [1 0 0]. Thus q = TgX^. Similarly, the vector of velocities of joint 
co-ordinates may be obtained in the same manner, but now the separation matrix 
is = diagili^), where k^^ = [0 1 0], thus: 

q — T^x,., q — Tj_jX^ (1^) 

Now we can write equation (1) in form 



H(Xr)T;jXr + h(Xr) = T 



(16) 
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substituting for T from (16) to (13) we come to matrix “algebraic loop” which 
can be solved more easily than in the classical case. We come to model 

Xr = [I - FdH(xr)T^]“^[AdXr + BdU + Fdh(xr)] (17) 

or 

Xr = Ac(xr) + BcU (18) 

where 

Ac = [I - FdH(xc)T^]"^[AdXc + Frfh(xc)] 

Bc= [I-FdH(xc)T^]-iBd 

which can be easily implemented in MATLAB-SIMULINK thanks to its matrix 
calculation engine. Model in MATLAB-SIMULINK is shown in Fig. 2. MATLAB 
functions Be, suma and Ac are listed in Appendix. 



1 

u1 

2 

u2 




Fig. 2. Simulink scheme of the robot 



The described principle can be used for systems with greater degree of free- 
dom easily. Equations (17) and (18) stay true for such a case . User of the model 
simply fills in the matrices which prevents making errors significantly. A disad- 
vantage of the model is lower speed of simulation run as inversion of matrices 
must be done in each integration step. 
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Appendix 

Ac - matrix of complete system model of 2 joint robot with drives: 

function y=ac(x) 
global A B T F ml m3 11 lid 13 
H= [ml*lld''2+m3*ll''2+m3*13~2+2*m3*13*ll*cos (x(3) ) 
m3*13~2+m3*13*ll*cos (x(3) ) 

0 

h=[-m3*ll*13*x(4)*CxC4)+2*xC2))*sin(xC3)) 
m3*13*ll*xC2)‘2*sin(x(3)) 

m3*9.81 ]; 

INV=inv(eye(3)-F*H*T) ; 
y=INV*(A*x+F*h) 

Be - matrix of complete system model of 2 joint robot with drives: 

function y=bc(x) 

global A B T F ml m3 11 lid 13 

H= [ml*lld''2+m3*ll''2+m3*13~2+2*m3*13*ll*cos (x(3) ) m3*13'‘2+m3*13*ll*cos(x(3) ) 0 

m3*13~2+m3*13*ll*cos (x(3) ) m3*13''2 0 

0 0 m3] ; 

INV=inv(eye(3)-F*H*T) ; 
u=[x(7) 
x(8) 
x(9)]; 
y=INV*B*u; 

Function suma: 

function y=suma(x) 
for i=l:6 

y(i)=xCi)+xCi+6) ; 
end 



m3*13''2+m3*13*ll*cos (x(3) ) 0 

m3*13‘2 0 

0 m3] ; 
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Abstract. In order to engineer business processes a model is needed that 
allows us to analysis and design of the dynamic properties of the processes. 
This paper shows a unified framework for data flow diagrams (DFD, for short) 
and Petri nets in modeling business processes. Introducing the concept of 
business transaction Petri net, we provide a firm mathematical basis for a 
comparison of a such Petri net to a business process modeled by a DFD. It will 
be turned out that the behavior of a business transaction Petri net is simulated 
by the corresponding business transaction system. 

The resulted framework makes it possible that the experience with DFD’s will be 
applicable to Petri nets in modeling business processes, and vice versa. 



1 Introduction 

Control engineering has been developed to meet the demand for industrialization. 
Starting from PID control, it continues to grow producing the concepts of state space 
method and optimal control. The model employed is, mainly, a set of linear 
continuous differential equations. Differential equations are often used to 
approximate the original models or to implement control algorithms into, firstly 
operational amplifiers, and then a computer. Typical examples include a chemical 
plant for refinement of crude oil, many kinds of electric circuits, and inverted 
pendulum. Now a computer can be seen as an interface device between mechanical, 
electrical, and/or human actuator and information. Such a computer can even be 
implemented in a VLSI chip and be embedded in miscellaneous industrial products. 

If we look out at organizational process such as design and development, 
production, procurement and sales and distribution rather than products themselves, 
then computers turn out to be also important components of such business processes. 
That is, most of businesses use computers and network in their business operation. 
Also used are ERP (enterprise resource planning) packages, e.g., SAP R/3, Oracle 
applications, Baan, and so on. In this way, our economies continue to invent and 
develop business processes that consist of business tasks to convert raw materials 
into finished products at customers through production. This flow of materials is 
called logistics, and a database-based information system serves as a control device 
for a company-wide virtual plant formed by its logistics. 

In order to control an inverted pendulum, first the physical law governing the 
pendulum and related things are described by differential equation. Then, using the 
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concept of state, stability and state observer, a feedback control is devised with 
operational amplifiers. This is a typical methodology to control physical objects. 

The same approach is applicable to attain suitable dynamic properties in business 
processes. For example, using data flow diagrams (DFDs) or event-driven process 
chain (Scheer, 1994; Keller, et.al., 1998), the entity types like customer order or 
production order and the activities like accept or issue orders are extracted from 
business process. Entities correspond to business documents. Dynamic aspects of a 
business process such as lead-time and through put did not been paid much attention, 
because there seems to be no good way to calculate them accurately. Dynamic 
models should have explicit relation to DFD and/or other descriptive modeling tools. 
The situation is explained as Fig. 1. 



business logistics 




Fig. 1. Engineering framework for business process 



The dynamic model of business processes is developed as a discrete-event system, 
called a business transaction system [6] (BTS, for short). It describes that the activities 
in an organizational logistics process are executed in parallel, and that the integrity and 
synchronization of the process as a whole is attained through the business documents 
that connect activities. Those documents can be either paper- or database 
package -based. B.P. Zeigler (1976, 1984) has originated the DEVS formalism mainly 
for modeling discrete-event phenomena, and the formulation of business transaction 
systems is in a multicomponent DEVS. That is, each of the activities in a business 
transaction system is a DEVS and the whole is also a DEVS. 

A data flow diagram (DFD) is a simple graphical network of data flows, business 
processes, data stores and external organizations. The data flow is a labeled arrow, 
the process a round rectangle, the data store an open rectangle, and the sink or 
source a rectangle. Since the DFD is convenient for modeling business systems. 
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most information systems methodologies have adopted it. Sato and Praehofer (1997) 
has shown that a business system modeled by DFD’s is a business transaction 
system. If a DFD has the following two characters, then is called a BTS. First, there is 
a data store between two processes. Second, each source is connected to a process via 
data store. 

Establishing the relation between a BTS to a timed Petri net, we can calculate an 
agility index of a business process. The index is known as the cycle time of a timed 
Petri net (Baccelli et.al., 1992). Certain BTS shows periodic behavior in the sense that 
the same state of a BTS is observed periodically. A BTS has a description of state 
transition function, and its state consists of the inventories of business documents and 
the list of respective times to finish operations of activities in the BTS. The timed Petri 
net corresponding to a business transaction Petri net (BT-PN, for short). 

According to Sato (1999a), this paper will provide a formal relation between a 
business transaction system and a corresponding timed Petri net called a business 
transaction Petri net. 

2 Business Transaction Petri Net 

The components of a business transaction are depicted by a data flow diagram. In this 
section we define a business transaction Petri net (a BT-PN, for short) that has an 
isomorphic dynamics to a business transaction system. 

A Petri net is defined as follows (Murata, 1992). 

Definition 1. Petri net 

A Petri net is a quintuple (P, T, F, W, po); where 

- P = {pi, p 2 , ..., Px}: a finite set of places; 

- T = {ti, t 2 , ..., ty} : a finite set of transitions; 

- F: a set of arcs between transitions and places; 

- W: F ^{1,2, ...}: the assigned weight with an arc; 

- pq: P ^{0, 1,2, ...} : initial marking of the places. 

- PnT = (|), where (|) is the empty set. 

In the above definition, x and y represent the number of places and transitions, 
respectively. For a marking pp, Po(Pi ) represents the number of tokens in the place, pi 
Therefore, po is a function from P to the set of non-negative integers. If a Petri net is 
given without any marking then it is called a Petri net structure, or a Petri net graph. For 
a Petri net graph J and a marking pg, we have a Petri net (J, pg). 

A Petri net has a diagrammatic representation. A circle represents a place. A bar 
represents a transition. Directed arcs (arrows) connect the places and the transitions. 
An arc directed from a place pi to a transition tk defines the place to be an input to the 
transition. An output place is defined by an arc from a transition to the place. 
Multiple inputs and outputs are possible with multiple arcs. An arc has its weight 
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shown by the function W. When the weight of an arc is 1, then it is not shown in the 
diagram of a Petri net, and vice versa. 

A marking shows a deployment (an allocation) of tokens in the places of a Petri net. 
That is, a marking m is a function p,:P {0, 1, 2, ...}. When a transition fires, tokens 
are transferred from the input places to the output places according to their weights. 
The fact that a place p is an input of a transition t is denoted by p e I(t), and p is called 
an input place of t. Similarly, p e 0(t) means that the place p is an output place of the 
transition t. The firing rule that shows when and how transitions fire and corresponding 
tokens are transferred. Let a transition t be arbitrary. Let w(p, t) be the weight of the arc 
from a place p to t, and w(t, p’) the weight of the arc from t to a place p’. 

General firing condition: If for any input place p of t the number of tokens in p is 
greater than or equal to w(p, t) then the transition t is said to be enabled (by the input 
tokens to fire). 

Transferring tokens: If an enabled t fires, then w(p, t) tokens in an input place p are 
removed and w(t, p’) tokens are produced in an output place p’ . If t has multiple input 
places and multiple output places, respective numbers of tokens in the input places 
are removed and produced in the output places depending on their weights. 

If there are not enough tokens in an input place of a transition then the transition is 
not enabled and cannot fire. Firing a transition changes the marking of a Petri net 
from, say, p to p’. 

In order to explicitly deal with state transition along time, we introduce the 
concept of a timed Petri net according to Baccelli et al (1992). Any place of a timed 
Petri net has its own holding time. For a token in a place, if the elapsed time from its 
entry is equal to exceeds the holding time, then it can be used to fire any transition 
that has the place as an input place. Such tokens are called matured. A transition of a 
timed Petri net will fire if it is enabled by matured tokens. 

We assume that the holding time of a place does not vary among tokens. That is, 
any token in a place is available to be used to fire the output transition if it stayed 
longer than or equal to the holding time of the place. (Different places usually have 
different holding times.) 

A business transaction Petri net is a subclass of the class of timed Petri nets, which 
satisfies additional conditions defined below. 

Definition 2. Business Transaction Petri Nets 

A timed Petri net is called a business transaction Petri net (BT-PN, for short) if 
satisfies the following five conditions: 

(1) A part of BT-PN is consists of two transitions and a place between them, |^0^|, 
is called an activity unit of the BT-PN and the place a busy place. The input places 
of an activity unit are those of the input transition of the busy place. The output 
places of an activity unit are defined similarly. The weight of the arcs coming into 
and going out of the busy place is one. 

(2) Any place that is not a busy place has one input arc and one output arc, and is 
called a connecting place. The weights of input arcs and output arcs are positive 
integers. For an activity unit there is a place of which input transition is the output 
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transition of the busy place and of which output transition is the input transition of 
the busy place. This place for an activity unit is called an idle place (of the unit). 

(3) Any arc that goes into an activity unit goes into the input transition of the busy 
place. 

(4) On any path in a BT-PN, activity units and connecting place appears alternatively. 
In this sense, it is bipartite. 

(5) Holding times of a BT-PN are positive integers, while those of connecting places 
zero. 

For any place p of a BT-PN, the weight of the arc coming into p is written by Wpp 
Similarly, the weight of the arc going out ofp is denoted as WpQ. For example, if p is a 
busy place then Wpj = Wp^ = 1 . 

3 State Transition of Business Transaction Petri Net 

We describe the state transition mechanism of a business transaction Petri net. That is, 
the precise description of state transition of a BT-PN will be defined in this section. 

Let J = <P, T, F, W > be an arbitrary Petri net structure. All of the transitions as well 
as the places of J will be numbered. Let n^ is the number of activity units of J that are 

numbered as k, 1< k < n^. For a busy place k, the input transition is represented by Pk, 
and the output transition t®k- That is , T = {Pk> l®k I 1 < k < n^} . Let n be the number of 
the places (i.e., the cardinality of P is n ). Let Pa be the set of the busy places and Pc 
the set of connecting places. Then P = Pa'-^PC PA'^PC ^ ^ hold and the 
cardinality of Pa is ua. 

Let N be the set of natural numbers, and N'^ be the set of vectors with n integer 
components. An element p, of N*^ can be thought of a marking for J. In this case, p (k) 
represents the number of tokens in the place numbered by k. Let R be the set of reals, 
and R°° = Ru{oo}. Ri*^ denotes the set of vectors with ua real components. 

The function lag: N*^ x Pa ^R°° gives the holding time for the busy places. That 
is, 

lag(p, qk) = 

lagk, if p(qk) = 1 

00 , otherwise. 

The value p(qk) denotes the holding time of the busy place numbered by k. Any 
initial marking is assumed to satisfy the following condition: 
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(Initial condition) 

For any busy place qR e Pa and arbitrary marking p e lag(p, qj-) - CR > 0 holds, 
where eR is the elapsed time from the entry of the last token currently held in the busy 
place qR. 

If no token is in qR, then the initial condition is satisfied, since lag(p, qR) = oo. 

The state transition function 5:N*^ x x in the following part of this 

section. First we define the function dueP: x R*^"^ ^Il(T), where FI(T) is the power 

set of T. For arbitrary p e and e e R*^^ , dueP(p, e) = {t°i^, t°i 2 > •••> 
each k, 1 < k < m, the following ( 1 ) and ( 2 ) hold: 

(1) I(t°iij^) ^ {qii-}- That is, t®ij,is an output transition of a busy place qij,. 

( 2 ) lag(p, qij,) - eij, = min|^q^ ^ p^j {lag(p, 

The function dueP(p, e) gives the transitions to fire at the nearest future. The needed 
time for the transitions dueP(p, e) is given by the function taP(p, e). That is, 

taP(p, e) = min^q^ ^ p^j {lag(p, da) “ I 0 < lag(p, q^) - e^^ 7 ^ oo} . 

We define the first half of the whole state transition function 5. The function 61 
X RiiA X RwA is defined as follows. Let pg = p, and for each), 1 < j < m, 

Mj(p) = 

pj-l(p) - wpo, if I(t°ij) = {qij}; 
pj-l(p) + Wpi, ifp e 0(t°ij); 
pj_l (p), otherwise. 

Let p^ = Pm, and define e^ such that e^(qk) = eR + taP(p, e) holds for each qR e Pa- 

Define 61 such that 6 i(p, e) = (p^ , e^). This definition for 61 represents that matured 
tokens in enabled busy places are removed and tokens are produced in the idle places 
that correspond to the busy places, and that the time taP(p, e) till the firing of the output 
transitions of the busy places with matured tokens are added to the elapsed times of the 
tokens in the other busy places. 

We now define 82 for the second half of 6 . The function 62 will represent that firings 
of all possible enabled transitions that are inputs of some busy places. Define a function 
st(p) to show the enabled input transitions of busy places. For arbitrary p e st(p) = 
(f'kp f‘k 2 > •••> fk^} Tor ®^ch h, 1 < h < r, the following ( 1 ) and ( 2 ) hold: 

(1) 0(t‘Rj^ ) = {qkjj}- That is, t'Rj^ is an input transition of a busy place qRj^. 

(2) For arbitrary p, if p e I(t'kj^ ) then p(p) > Wpj holds. 
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The above eondition (2) assures that the transitions of idle plaees with tokens ean 
only be in st(|i). Let |i’o = |i, and for eaeh j, 1 < j < r, 

b’j (P) = 

|i’j-l(p)-Wpo, ifp e I(Pkj); 

|i’j-l(p) + wpi, ifp e O(Pkj); 

|i’j-l(p), otherwise. 

A funetion g is used to represent the resultant p’j- gained from p. That is, g(p) = p’r- 
The final marking is represented by the funetion h that is defined as follows: 

h(p) = 

p, if st(p) = (j); 
h(g(|i)), if st(p) + (j). 

It ean be shown that the definition of h is well-defined. Define e^ e based on p 
and e e as follows: for eaeh qk e Pa, 

e^(qa) = 

0, if 0(t‘a) = {qa} and 4 e LJ[p ^ q, oo]{st(gP(p))} hold; 
e(qk), otherwise. 

Define 52 sueh that 52(p, e) = (h(p), e^). 

Now we define the state transition funetion 5:N*^ x R*^"^ x R*^"^ of a BT-PN. 
For arbitrary p and e, define 5(p, e) = 52 (5l(p, e)). The funetion 5 has the following 

interpretation for a PT-PN: Given a marking p e and a distribution e e R*^"^ of 
elapsed times of tokens in busy plaees with respeet to p, fire the matured aetivity units 
and then start aetivity units as mueh as possible, updating the elapsed times of tokens in 
busy plaees. Then the resultant marking and updated list of the elapsed times are 
represented by 5(p, e). 

4 Business Transaction System to Simulate Business Transaction 
Petri Net 

A business transaetion system that simulate a given BT-PN is defined in this seetion. 
This seetion provides a formal definition, while the next seetion deseribes an example 
of this definition. 

The eoneept of business transaetion systems has been introdueed in Sato and 
Praehofer (1997) and Sato (1997) as a general model of routine business proeesses. Its 
eharaeteristies are 
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(1) A data flow diagram (DFD, for short) is a static model of a business process. Data 
flows are described as a file system that is modeled by a kind of the 
Entity-Relationship model called TH model. 

(2) The whole dynamic structure is a discrete-event system that is formulated as a 
multicomponent DEVS. 

DEVS is a systems theoretic formalism for discrete-event systems, which is 
originated by Zeigler (1974). Each activity in a DFD is model as a DEVS, and then 
they are connected by the file system to constitute a whole DEVS. 

We construct a BTS that simulates a given BT-PN in the sense that Fig. 2 commutes. 

Nn RuA >. File RnA 

M 

Y ^ 

Nn RnA ^ jj^nA 

id 

Fig. 2. Commutative diagram 

Given a BT-PN, the function \|/:N*^ File in Fig. 2 natural correspondence from a 
marking to a file structure. The function 5 m is the state transition function of the 
corresponding BTS. 

To define a BTS, we need to define its components. They are activities, respective 
conditions to start activities, and the information sharing mechanism. Formally, they 
are described by the following sets and functions. 

(1) The set of activities: 

{Ga = <Sa X R°°, 5a, taa> | 1< a < nA} 

(2) The function to describe staring condition for activities decided by the file system: 

fFA:File ^n({l, 2, ... , nA}) 

(3) The function to describe updating the file system triggered by activities: 

fFileValue:File x n({l, 2, ... , nA}) ^ File 

This section provides the definition of these set and functions for a BT-PN. 

As indicated above, an activity unit of a BT-PN corresponds to an activity of a 
BTS. Ga is a DEVS. In the following, a busy place qa corresponds to an activity a of 
a BTS. 

We define the file system of a BTS. The set KS of controlled entity types virtually 
represents the set of table names in a relational database. Let KS = P - Pa ^ PC- That 
is, all of the places but busy places correspond to tables names in the file system. In 
the definition of a BTS an element p of KS is virtually a table, so it has its defining 
attributes. Define the attributes ofp as (#FT(p), number of tokens}, where #FT(p) 
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is the primary key of the table for p. Since we think of non-colored tokens, this kind 
of table has only one line to show that a place p has some tokens. This completes the 
definition of the file system. We employ f|j to show the file contents function that 
corresponds to a marking p. Then, f|j(p) is the number of tokens in a place p. That is, 
fp(p) = fi(p) holds for each p. This correspondence between makings and file 
contents are represented by the function ^ ^ 

Both of the functions fAK ^nd fKA specify a subset of KS for each activity as 
follows. Take Fig. 3 as an example. 




We define ba, pi e fKA(a), ba, P2 6 I^'aK (a), and P3, P4 e f^AK (a). That is, the 
fact that p 3 and p 4 are the output places of the input transition of the activity unit is 
shown by f^AK(a) ^ {P3, P4} while the fact that ba and p2 are the output places of the 
output transition of the activity unit is shown by f^AK (a) = {ba, P2}- We define the 

function fAK such that fAK (a) = f^AK(a)kJf^AK(a). The input places to the input 
transition of the activity unit is shown by fKA(a). For a general activity unit those three 
functions are defined in the same manner. Therefore, the places connected to an 
activity unit is represented by fAK(a)kJfKA(a)kJ {qa} . 

Let S = {(f|a, ei, C2, ..., Cn^) | fp e File and (ep C2, ..., Cn^) e The set S is 

the state space of a BTS (Sato and Praehofer, 1997). 

Let Sa = File|f^j^(a)kJfj^(a); that is, the restriction of File to fAK (a)kJfKA (a). 

Therefore the restriction fa^ of f^ to fAK (a)'^fKA (a) consists of the set Sa; That is, 
Sa= (Ppl fp 6 File}. 

Define the maturity (time-advance) function taa: Sa for Ga by taa(Pp) = 

lag(f p, qa), where f p is any file contents function except that fa^ = fa|^ holds. 

Notice that the time to maturity of token is infinity for an activity place without any 
tokens. The definition of the function taa is well-defined (Sato and Praehofer, 1997). 
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We define the function fpA to show the enabled transitions: 

a e fpA (f|i) For each p, if p e fKA('3'), then f|j(p) > Wpi holds. 

This definition says that a e fpA (fp.) holds iff all of the input tables of the activity a 
have enough matured tokens to commence the activity. Notice that a e fpA(fp) assures 
that the activity is not in busy state. We say that an activity of a BTS is said to be "ready 
to start at Pp," if and only if there is a distribution f p of tokens such that ^ Fp| 
fKA(a) ^nd a e fpA (f p) holds. 

For an activity a, in order to define the state transition function of, a we need two 
functions 6aO and 5al that are defined below. The function 5aO shows the updating of 
the file system of the BTS to represent transference of tokens in a BT-PN with respect 
to finishing activities. When we apply this function to Pp, it is needed to hold the fact 
that Pp (ba) = 0. 

5aO:File|f^j.(a)ufKA(a)^ File| fAK(a)ufKA(a)’ 

5aO(Pp)(p) = 

Pp(p) + Wpo, if P e f*"AK(a) and Pp(ba) = 0; 

Pp(p), otherwise. 

The function 5al shows the updating of the file system of the BTS to represent 
transference of tokens in a BT-PN with respect to starting activities. 

5af:File| fAK(a)ufKA(a)^ File| fAK(a)ufKA(a)’ 

5al(Pp)(p) = 

Pp(p) - Wpi, if p e fKA(a) and a is ready to start at Pp; 

Pp(p) + Wpi, if p e f®AK(a) and a is ready to start at Pp; 

Pp(p), otherwise. 

Define 5a = SapSaO- That is, first apply 5aO and then apply 5af. 

We next define the file updating function fpile Value -File x T1({1, 2, ... , uA})^File. 

For any a, define as follows: 

fFileValue(fp, {a})(p) = 

5al(f^p)(p), ifp 6 fAK(a)kJfKA(a); 
fp(p), otherwise. 

For arbitrary {aip ai 2 , ..., ai^.}, define as follows: 

fFileValue (fp> {aip ai 2 , ..., ai^.}) = 
fFileValue('" fFileValue (fFileValue (fp> {aij}), {ai 2 }),--, {aij.}). 
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Based on the funetions defined above, the state transition funetion 5]y[ of the BTS is 
eonstmeted in a normal proeedure provided in Sato and Praehofer (1997). The time 

advanee funetion ta:Filex R°° is defined by 

ta(f|i, ei, e2, en^) = min[a e {l, 2, riA]{taa(fp) “ ea}- 

Define the funetion due:Filex R*^^ ^ n({l, 2 , ua}) as follows: 
due(f|j, ei, e 2 , en^) = {aij, ^2’ 

for eaeh k, 1 < k < m, ta(f|a, ei, e2, en^) = 

We next define the funetion fp that represents the meehanism to start all of the 
possible aetivities start in turn from a file value: 

fF(fp) = 

fp, if fFA(fp) = (|>; 

fF (fFileValue(fp, fFA (fp)), otherwise. 

The dispatehing funetion foispateh represents the resultant file system when all of 
the possible aetivities start in turn for the file value: fDispateh(fp) ^ fFileValue(fp, fFA 
(fp))- 

The elapsed times ep e2, ..., en^ for eaeh aetivity is defined as follows. For eaeh i, 
e’i = 

0, if iedue(s)Ujj,^Q^ fFA[fDispateh'^ (ffile Value (fp, due(s)))]; 
e i - ta(f|i, ei, e2, ..., en^), otherwise, 
where fDispateh^(fp) represents k times applieation of fDispateh to f|a, and 

s = (fp, ei,e 2 , ..., en^)- 

Now the state transition funetion 6 m is defined: 

5m (fp, ei, e 2 , ..., en^) = (fF [fFileValue(fp, due(f|a, ep e 2 , ..., 611 ^))], e’p e’ 2 , 
e’nA)- 

This eompletes the definition of the BTS that eorresponds to a given BT-PN. The 
eommutativity in Fig. 2 is shown in the next seetion. 

5 Commutativity Between Business Transaction Petri Net and 
Business Transaction System 



A diagrammatie explanation for the eommutativity between a business transaetion 
Petri net and business transaetion system is provided in this seetion. A simple 
Kanban-system is an example. Sinee a business transaetion system is a general model 
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of business processes, the commutativity we will show is applicable to business 
processes that are described by data flow diagrams. 

A Kanban systems is a just-in-time control system. Kanbans are cards and used 
between two sequential processes. In the production process controlled by kanbans, 
one kanban is attached to the container for small quantity of specific part or products. 
When such part in a container is used up by a processing or assembly, then the attached 
kanban is put off into its holding place. When prescribed number of kanbans are 
accumulated in the holding place for the kanban then an production-order is issued to 
the preceding production/assembly process. In this way, production orders for various 
part propagate upstream to suppliers, while materials and part flow downstream to 
customers. The market demand for product becomes the order to the final process and 
is the only input to the whole system. The kanban system is also called as Toyota 
system (Monden 1983). 

In Fig. 4 a supplier is modeled as an activity that accepts production order for part 
and delivers the corresponding amount of part to the manufacturer in some time. 
Tokens in Fig. 4 represent inventories of materials, parts, or products. 




From the state depicted in Fig. 4 we show how the state transition by d will bring 
new state in turn. The process of the calculation consists of five steps: from (PNl) till 
(PN5). 

(PN 1) Because ty® is the only enabled transition, we have deuP(|i, e) = {fv°} • 
(PN2) Let (|i^, e^) =6i(|i, e). Since (p^, e^) is the state just after transition ty® was 
fired, is the marking just after the supplier has unloaded. 

Now, st(p^) = {IaH holds. That is, t^* is enabled. 



(PN3) 
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(PN4) Starting from the firing of t^*, §2 gives the final result of successive firings of 
possible transitions. Let (p^, e^) = 5i(p^, e^). Then, we have st(g(p^)) = 
{tmvP‘}- Since st(g(g(pl))) = (|), we have p2 = g(g(pl)) , 

(PN5) Here we have that oo]{st(gP(p))} = st(P^)^st(g(P^)) = {W, 

tmvP'} hold, it holds that e^(qA) ^ ^^(qmvP) ^ 0 in addition to the fact that 
el(qv) = 0. 




We will construct a BTS corresponding to the BT-PN of Fig. 4, and show how the 
BTS makes its state transition. They are depicted in the steps from (BTSl) till (BTS5). 

(PN 1) The BTS corresponding to the BT-PN in Fig. 4 is Fig. 5 with the marking, fp. 

In Fig. 5, kA(F) means that kA is an element of I^AKCV), and kp^(S) means 

that kp^is an element of f®AK(A). 

(PN2) The initial condition on Fig. 4 implies that due(f|j, e) = {V} and fpA (fp) ^ 
(|) hold. 

(PN3) We have p^. For the p^, the file content function satisfies fpl(kA) ^1 and 
fpl(bv) ^ L And for other place p, it holds that fpl(p) = fp(p). 

(PN4) We calculate the value fp [fFileValue(fp, due(f|j, e))] = fp (fpl). Since fpA 
(fpl) = {A}, the definition of fp says that fp (f|jl) = fp [fpileValue(fpl> 
{A})]. That is, fp (fpl) = f g(pl) holds, the value f g(pl) represents the 
situation just after the commencement of the activity, A. 

At this stage we have fpA(%(pl)) ^ {mvP}. Thus, the activity mvP is 
started. The value, fp (f g(pl)) = fp (fpileValue(f g(pl)> {mvP}) is decided. 
Comparing this to the BT-PN, we have fp (f g(pl)) = fp (fg(g(pl))) = fp 
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(fg2(|jl)). There exists no activity that can be commenced in fg2(|jl). That 
is, fg2(|jl) = (|) holds. Therefore, we have that IrLfpile Value (f|i> due(f|j, e))] = 
fg2(|il). 

(PN5) Let s be (f^, e). Since {A, mvP} = due(s)LJ|-j,^Q^ fpA 

[fDispatch'^(fFileValue(f|i, due(s)))] holds, the elapsed time for both A and 
mvP becomes 0. 

The above steps provide the commutativity of Fig. 2. For a BT-PN there exists a 
BTS that simulates in the sense of Fig.2. 



6 Conclusion 

Based on the model of business transaction system, the dynamics of business process 
as a logistics plant can be analyzed. The theory of max-plus algebra[l, 9] for business 
transaction can be introduced for that purpose, introducing the corresponding business 
transaction Petri net. Using a business transaction system and the business transaction 
Petri net, we can investigate how feedback control schema produces periodic behavior 
and how bottleneck activity effects. Since this paper has provided a firm theoretical 
basis for two models to such business process engineering, a thorough development of 
a kind of business process algebra and a methodology to design business process 
equipped with the algebra is a topic of future research. 

Peterson (1981) pointed out that modeling through Petri net had not been developed 
yet. The equivalence between DFD and Petri nets shown in this paper can be thought of 
a step toward that direction in modeling business processes. 
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Abstract. Market demands and internal needs forced companies to permanent 
adaptations. It exists a need for a systematic approach to the perpetual business 
process improvement and company growth. Reengineering of assembly is one 
of the possibilities, and involves activities on assembly technology, logistic, 
assembly system development and product redesign. For that reason, the 
adequate tools for modelling of the assembly process and system have been 
developed. Activities needed for reengineering process are part of such model. 
The reengineering process is finished and started again by evaluation phase of 
reengineering. 



1 Introduction 

An enterprise is a dynamic structure, it has to adapt itself permanently to the laws and 
demands of the market and adjust its technological and sociological abilities. 
Competition narrows sales possibilities and enforces reduction of production costs. 
Customers demand new products in many varieties and short delivery times, short 
development times, high and constant quality and low prices. New materials and 
technologies are emerging, and society demands environment friendly products. 
Internally enterprises encounter rigid organisation, high labour costs, inability to 
manage production costs, material flow and quality, rejects, limited investment 
founds, and incompetent production management. Numerous new philosophies and 
organisation models should provide improvements, but practical results of these 
models are not encouraging. 

A few years ago production rationalisation was a proper approach to improve 
enterprises marketing ability, nowadays this is reengineering. Production 
rationalisation was aiming on technology improvement, rising productivity, and cost 
reduction on the operational level. Reengineering means complete renewal of the 
enterprise, on technological and organisational level, management of logistics, 
information flow, and employment as well as development of new products and 
redesign of actual products and programs. 

Reengineering of assembly means: »Fundamental reconsideration and radical 
renewal in assembly organisation and technology, design and redesign of products, 
logistics, education of workers for dramatical improvement of all success parameters 
like cost, selling amount and market share, adaptation to market and environmental 
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demands, customer satisfaction, aiming on general profit improvement for all 
employees. « 

Until now only a general model of reengineering for business - production process 
and information systems has been known. Reengineering of assembly as a part of 
business-production process hasn't been established yet. Reasons for that are: 
differences in enterprise organisation, human resources and their knowledge, level of 
success and others. 

In an assembly process as an integral and crucial part of production process the 
problems on realisation level are mostly connected with organisational decisions, 
logistics, technology, products, and all kind of resources. In comparison with 
optimisation and process ratioantionalisation the assembly reengineering process is a 
simultaneously changing and evaluating of the assembly system, material and 
information flow as well as the improving of human recourses skills connected with 
the whole production process. 



2 Assembly Proces Modelling Tools and Methodes 



When crossing the route from existing assembly system to a new one in a 
reengineering process, the following objectives and constraints have to be considered: 
Modelling formalisms. Evaluation criteria. Reference model (Fig 1). 




New system 



□ □□I 



Fig. 1. Reengineering process form existing assembly system to new one 



A number of modelling tools already exist, like CIM-OSA (Kosanke 91), IDF 0, 
SADT and GRAI method (Rolstadas 95), MO^GO (Mertins 94) and are being used in 
the reengineering of business process management systems. Some of them can also 
be used in assembly reengineering process. Especially some ideas of GRAI and 
presentation of activities with IDF 0 will also be used in project presented in this 
paper. In planning process relation models can also be used for presenting the 
assembly operation information. 

Concerning the reengineering process for crossing from existent assembly system 
toward a new one, we can notice similarity, three kinds of decisions have to be 
observed: realizational, structural and conceptual. And on conceptual level the 
question "what?"' has to be answered without concerning the organisational or 
technical frames of assembly process. Questions "who?, when? where?" are 
concerning organisational point of view and are mostly structural nature of decisions 
and "how?" lead us to realisation phase of reengineering process and is concerning 
only technical constrains of the studied case and the choice of equipment (Fig. 2). 
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Fig. 2. Decisions circle when redesigning an existing assembly system 

In a new assembly system planning process on all, conceptual, structural and 
realizational levels, more alternatives or choices have to be estimated with 
performance indicators. There are some modelling formalisms used on conceptual and 
structural levels for describing and analysing the function of existing assembly 
system, material flow, information flow and decisions making process in 
reengineering and planning process as entity models, relations models, activity 
models. 



3 Company Reference Model and Assembly Reengineering 
Process 



The production system can be divided on three level concerning decisions making and 
reengineering process implementation. On the strategic level the company efficiency 
is evaluated and the long- and short-term plans are discussed and accepted. Tactical 
level is level of performing the strategic decisions, analysing the existing assembly 
systems, planning a new one, and preparing demands and orders in form of drawings, 
reports for operational level, where the assembly process is executed (Fig. 3) 




goals 

objective 



proposal 

orders 

new systems 
new processes 
new products 



products 



Fig. 3. Production system reference model 
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All three levels are supported by a suitable information system, which enables 
access to all relevant data, for each decision and process level. The structure of 
production system shows us that we have on strategic level a management team which 
forms product oriented teams on tactical level. Such teams are responsible for 
individual reengineering projects and are responsible for one or more assembly units 
on operational level. 

The top management group sets up goals and demands for reengineering process 
based on market demands and conditions as well as conditions in production process. 
The acceptance of decisions are supported by evaluation criteria or variables for 
market, environment and production system, evaluation as follows: 

• profit (costs, product market price) 

• market demands on product (volume, new product, new material, product 
variants) 

• profitability or investment pay back (time and intensity) 

• response and company flexibility (velocity, intensity, stability) 

• environment (pollution, energy, resources) 

• market share. 

The decisions of management group are in form of demands like: to develop a new 
product, to improve the productivity, to reduce all kinds of costs, to eliminate the 
pollution etc. 

The decisions done by team responsible for reengineering process on tactical level 
are based on following influenced parameters: 

• product development (time, variety, group) 

• planning and development of assembly system (development time, optimal 
solutions, support of planning tools) 

• assembly system controlling (respond, overview) 

• material flow controlling (overview, effectiveness) 

• total quality assurance 

and 

• capacity of assembly system 

• assembly system flexibility 

• quality, disturbances, rejects 

• assembly process costs (energy, space, investment, labour costs) 

• assembly system reliability and availability 

• material flow and stocks 

• human resources. 

In the process of assembly reengineering most of work is done on tactical level. On 
this level proposals are prepared, systems are developed and realisation of the 
reengineering project is managed. Installation and implementation of the new process 
are realised on the operational level. 
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4 Activity Model of Assembly Process Reengineering 



The activity model of assembly reengineering process for the transfer from actual 

assembly process or assembly system to a new one was developed. Activity model 

allows us to follow individual working phases and shows also on which production 

level they are performed (Fig.4). 

Assembly reengineering process consists of following activities: 

• Analysis of the existing production process and by its results determination of 
demands for renewal of production process on structural level. 

• Evaluation and analysis of existing assembly process respectively assembly 
system and comparison with demands, designing a proposal of a new assembly 
process or system is a result of the first activity on tactical level. 

• The proposal has to be verified on strategic level. 

• Planning and designing of the new assembly system are the next activities. 

• Installation activities involve the activities on operational level. 

• The new or renewed assembly process or assembly system has to be evaluated 
and the process of reengineering can process again in term of constant 
improvement of assembly system. 

• 
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existing production 
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Fig. 4. Assembly reengineering process model 



5 Temporary results 



The assembly reengineering process has recently been implemented in two small 
companies. 
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Example 1 (Fig 5): 

Company producing metal parts for windows and the window ruler assembly was 
reengineered. 

Goal was to increase market share. This could be accomplished by assembly costs 
reduction and by increasing the production volume. For that reason the new 
automated flexible assembly system was developed. 



Example 2 (Fig. 6): 

Company producing components for domestic appliances. The pressure switch 
assembly was reengineered. 

Goals were: labour cost reduction, intermediate stocks reduction, through put time 
reduction. 

This was accomplished by development of a new assembly system. 



EXAMPLE 1 

Product: windows ruler 



Existing 

assembly system 



New 

assembly system 



cost share cost share 




93 94 95 96 97 98 



Years 



Market share 



product price: 1 38 S IT 



product price: 98,93 SIT 




93 94 95 96 97 98 



manual line 

n> n><riAn> 

u> U> 



Years 



flexible assembly line 



Fig. 5. Example 1 
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EXAMPLE 2 



COSTS SHARE 



OLD NEW 



Product: pressure switch 




COMPONENTS COSTS 
ASSEMBLY COST 
PRODUCT COST 



61 SIT 
64 SIT 
125 SIT 



62 SIT 
32 SIT 
94 SIT 



■ ASSBl«L> COST 



old 



■ COMPONENTS COSTS 

■ ASSEMBLY COST 




Demands: 

-Labour cost reduction by 10% 
-Capacity flexibility integration 
-Stocks reduction 50% 

-Through put time reduction by 20% 



new COMPONEr*^ COSTS 

■ ASSEMBLY COST 




■coiPCMErns 

CCSTS 



OLD ASSEMBLING SYSTEM 



< > 



< > 



< > 



< > 



NEW ASSEMBLING SYSTEM 




Fig.6. Example 2 

Conclusion of several realised reengineering projects is (Fig. 7): 

NEW ASSEMBLY SYSTEM 




Fig. 7. Activity circles of improvement 



Assembly reengineering starts with activities on all four activity circles: material 
flow, assembly system, information flow and human resources. Optimal solutions are 
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first achieved in material flow circle, than in assembly system, followed by 
information circle and finally in human resources. 



6 Future Work 

The research work on improving the assembly process started two years ago, 

supported by the Ministry of Technology and Science and with co-operation of 

different small and medium sized Slovenian companies. 

• The whole activity model has to be verified in real environment. 

• Some assembly reengineering oriented tools for reliable verifying of the 
effectiveness of assembly process have to be developed. 

• Newly developed tools are implemented for assembly systems performances 
determination and analysing. 

• More emphasis has to be given to the development of user friendly assembly 
process and system planning process. 

• Different tools have to be used for material flaw planning and analysing. 

• All decision making places have to be connected with effective information 
system and give the management on strategical and also on tactical level more 
adequate information in the real time. 

• The permanent educational program has to be implemented for all participants in 
the production process. 
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Abstract. As we left the 20th century the industry has paid particular attention 
to the ecological impacts of new facilities, energy use, number of used materials 
and several other very important environmental issues. Now many impacts to 
design and recycle facilities as „ life cycle “ ( planning, design, development, 
supply, manufacture, use, recycling ) have not been systematically and 
comprehensively studied and analysed. Engineers, operators, professionals and 
other people who works in this area together maybe in different firms should 
understand the environmental and interactions of management, team behavior 
and methods because their everyday decisions carry substantial social 
implications. 



1. Introduction 

A rapidly developing market and an increasing availability of new productions 
technologies speed up the development of products and their corresponding means. 
To respond competitive pressure, companies invested heavily in production 
automation and computer integrated manufacturing ( CIM ). Therefore the global 
marketplace is changing rapidly, companies have to answer to the requirements of 
customers. 

This paper focuses on the need for creation of a closed loop system integrating 
research in the area of design for disassembly and end of life cycle equipment 
disposition. The manufacturer must respond quickly to rapidly changing markets 
driven by customer based valuing of products and services. Low cost intelligent 
manufacturing systems are necessary to realise this in an economic way. Hence the 
producers have to rethink their whole organisation. Therefore it is obligatory to 
reorganise the product development. 

The paper explores closed loop (including reuse) and open loop recycling issues 
and presents some quantitative data on the impact of design for disassembly and 
recycling on the recycling process. 
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2. Design for Disassembly and Recycling 

The main goal of Design for Disassembly ( DFD ) is to impact the economics of 
electronics recycling in a number of important ways. Techniques for Design of 
disassembly are driven by equipment disposition, recycling/reuse technology. 
Practical design for disassembly can only be formulated within the work of standard 
equipment, demanufacturing techniques and the economic realities of these 
techniques. In end of life management of considering product disposal, the designer 
becomes a more and more important role to consider final disposition processes at end 
of life, thus "Design for Recycling" becomes part of the over all design plan. The 
incorporation of Design for Recycling into the design process is an critical step 
towards the creation of more recyclable electronic products. The greatest impact on 
product design has both the costs of the recycling process and the logistics. The 
design can dictate both the methodology used to recycle the product and the profit 
generated from the recycling process. 



2.1 Design for Disassembly 

In the field of automation and robotics a very high standard have been reached in the 
last decade of this century. But the focus was only on “assembly problems”. 

When we have a look at the characteristics of a product, it can be described in three 
main phases of living: production, utilisation and disposal. The closed product life 
cycle ( chain ) is one of the two main streams called “traditional” product life chain 
( such as production, distribution and use ) called “Eco-design”. The other one, re- 
using and recycling products, components and materials ( such as take back, re-use 
and recycling ) is called “End-of-life Management”. Therefore in the future 
disassembling will be the most important process. 

The number of products to be disassembled will increase dramatically, so all 
companies should be aware of this problem. This is mainly caused by the 
environmental legislation of many countries, which leads towards a life cycle strategy 
that involves different concepts: 

• product recycling 

• rising waste disposal costs 

• demand of the consumer and the corporate image 

• public perception 

Therefore these topics becoming more and more a competitive factor for 
companies, especially for small and medium sized, all over the world. 

The different products to be recycled and also disassembled, such as computers, 
printers, telephones and other electronic devices, it is necessary to automate this aim. 
High flexibility and “Low - Cost” of disassembly processes will be necessary. 
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The automation potential will be one of the most important productivity factors for 
this new production process. 

The automation of disassembling is becoming a new challenge for engineering 
where the main goals are: 

• reduce the costs of disassembling 

• extend the performance of the disassembly process 

• optimise the different recycling processes 

• extend the life cycle of a product 

• create a human working environment in disassembly factories. 



2.2 A New Kind of Organisation 

In the current market not the rise of quantity, but those of variations is significant. 
Nowadays the life of the products is often shorter than the time to develop, to design 
and to produce it. These are the reasons why traditional sequential product 
development will not be able to fulfil these requirements. This procedure includes a 
lot of iterations loops between the single development steps and has periods of dead 
time. But the market wants small quantities of high quality and highly customised 
products at low unit costs with high responsiveness. The producer must respond 
quickly to rapidly changing markets driven by customer based valuing of products 
and services. Based on all these demands and also with the new industry of 
disassembling with all its influences the working conditions of the employees can 
suffer dramatically. That is also because the human is not in the centre anymore and 
only money is taken into account. To deal with all these problems the producers have 
to rethink their whole organisation, not only for the people also for the Management, 
the Team Behavior, the Method and the Environment. 

Significant in this area is the flow of information. Therefore it is essential that the 
information between the components (CAD/C AM/CAP) will be controlled by one 
system. Only when all components work together, when there is a continues flow of 
information and when there is a simultaneous execution the planning process will be 
efficient. This means that beginning with the first concept for the construction of the 
product you shall also develop a concept for the production and disassembling of the 
product, the layout of the production and the disassembly cell, to determine the 
necessary working and auxiliary material, the recycling processes and so on and 
estimate all possible occurring impacts on mankind. An integrated CIM-System is 
obligatory for every enterprise. But not every small and medium sized company had 
enough money to install such a CIM concept. So we at the Institute for Handling 
Devices and Robotics ( IHRT ) try to find solution to maintain small and medium 
sized companies. 

Based on the flow of information between the single components, which start to 
work together in a more specific phase of the product development, it is also 
obligatory to organise the co-operation between the different departments. Hence it is 
necessary to form a project team (Fig. 1) which operates together from the beginning 
in a methodical way. 
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Fig. 1. 4 - Key Factors of a Project Team 

Here it is important that the members of the team extend their knowledge also in 
the other fields. During these phases it is necessary that the project team operates 
strongly together. Design, manufacturing, disassembling and recycling planning must 
take place parallel. The next phase of the development is not initiated until all parties 
have reached agreement and have identified a global and economically satisfactory 
solution. 

Starting from the next phase it is possible, and for future development essential, to 
divide the product into several independent modules. These modules can be created 
according to their function, material, manufacturing and/or recycling process or as 
recommend here to their assembly and disassembly structure. For the employees, the 
enterprise, the environment and also logistically this will be the best solution, also 
because these groups can easily be organised for manufacturing and recycling 
processes. Hence, resulting from the large impact of the design especially the design 
for disassembly on the working environment, the next chapter should give a view of 
different software solution especially for small and medium sized. 
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3. Applications for Design of Disassembly 

Robotized disassembly automation has been growing up dramatically in the last years. 
Especially for small and medium sized companies, there is a great demand for flexible 
modular disassembly cells usually equipped with components like robots, grippers 
and tools, storage devices and part feeders, and other auxiliary devices. To guarantee 
a high flexibility and efficiency, an appropriate distribution and a context sensitive 
supply of information between all components must be ensured. A number of modular 
software system developed at the Institute for Handling Devices and Robotics (IHRT) 
of the Vienna University of Technology will be described 
( DEROBPLAN, ACAD Simulation packages ). 



3.1 Derobplan (Planning of Robotized Disassembly Cells ) 

There are many similarities to the planning of assembly systems, the application area 
of ROBPLAN will be extended now to planning of robotized disassembly cells - 
DEROBPLAN (Fig.2). 

Product Database: In addition to the database fields designed for planning system 
ROBPLAN, the product database has to include all necessary information to build 
disassembly families. For the complete description of the product, the database has to 
contain also a detailed description of the part connections (how to solve them, 
possible tools for solving the connections). One key aspect for the disassembly 
process is to know the „constitution“ (age, damage, etc.) of the product and expected 
complications caused by this conditions. 

Symbol Database: The pre-defined assembly icons from the Symbol Database have 
to be extended with representative disassembly steps. 

Component Database: The description of available cell components has to be 
expanded with tools and systems necessary for disassembling. Especially, a detailed 
description of available sensor systems and their characteristic data has to be included 
to the Component Database. 

Planning Database: Equivalent to the planning process of an assembly cell, the 
results of the design phase are written into the Planning Database. As an extension for 
the disassembling process, the proceeds of the disassembling can be calculated (and 
compared to the cost of the cell) and included to this database in order to proof the 
efficiency of the planned cell. As an additional result, the planning database also 
includes the calculated disassembly depth. 

Parts Database: Besides the four 'original' databases there planning system 
DEROBPLAN includes a fifth one, the 'Parts Database'. This database defines the 
current industrie's need of reusable and/or remanufacturable parts. Via connection to 
the world-wide-web (virtual market place) this information is permanently updated 
and represents the actual market demand. This information (together with information 
available from the 'Product Database') allows calculation of the required disassembly 
depth. 
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Component Database Product Database 




updated 

market demands 



Fig. 2. Structure of the planning system DEROBPLAN 



3.2 Design of a Disassembling Cell 

For choosing the tools in a disassembly cell it is necessary to know all the different 
processes in such a cell. Contrary to assembling - including the first two groups of the 
following operations - disassembling consists: 

Flandling: 

• Storing of the disassembled parts 

• Recognition of the parts to disassemble (geometrical, functional, physical 
characteristics, combination of materials, type of the part connection, 
possible disturbances of the disassembling process) 

• Gripping of the parts to disassemble 



Joining 

• Moving the parts to the storage 
Separating 

• Release and/or removing 
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Fig. 3. Design of a Disassembling cell 



The system can be implemented on the Windows 98 and Windows NT operating 
system. The design module is written in AutoLISP for AutoCAD. 



4. Conclusion 

Based on the rising industry of recycling disassembling will gain much on 
importance. The automation of it will be one of the most important productivity 
factors. For disassembling products with low cost intelligent manufacturing systems 
the assessment concerning the ability for automated disassembling is already 
important at the very first beginning during its development. Every life cycle process 
- starting with planning of the cell and layouting, up to programming and operation. 
So to find software solutions for small and medium sized company is part of this 
paper. 
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Abstract. This paper proposes a new approach to a rarely investigated topic: 
How can the emergence of new agents in social life be modeled. It proceeds in 
two steps. First a set of general simulation features needed to embed the notion 
of emergence are developed. Then it is shown how these challenges could be 
met by the use of a certain simulation environment called HE (Human 
Evolution). It turns out that not only specification and information structures 
used in HE are radically different from other contemporary approaches, but that 
the nature of results too leads researchers in a new - in my opinion highly 
prosperous - direction. 



1 Introduction 

Simulation usually is seen as a tool that enables researchers to observe the dynamics 
of highly interactive, complex systems that could not be studied in direct experiments. 
If the essential variables and the essential relations between them are modeled 
adequately, then the essence of the trajectories of the real processes should be close to 
the trajectories produced by the simulation - neglecting for a moment the difficulties 
with chaotic systems. The toolbox of simulation techniques thus clearly is one of the 
most important scientific methods for the social sciences - there is no controlled 
experiment in this area and the force of abstraction of the thought experiments of 
singular scientists is less powerful, at least with respect to capacity and rigidity, than 
computer simulation. 

These facts acknowledged, models of social processes (indeed already models of 
biological systems) entail a new challenge that cannot be found in physical systems: 
The entities in these systems are not simply given, they emerge and vanish again, and 
the relations between them are not fixed and waiting to be discovered, they rather are 
temporary valid constellations based mainly on intentional behavior of the modeled 
entities. In short, social system evolve. Despite its evidence, most contemporary 
social modeling circumvents this challenge by focussing only on time spans where the 
setting is stable. This paper collects and evaluates some ideas that try to grasp the 
emergence of social entities. In principle, three perspectives have to be interwoven: 
some historical instances of the emergence of social entities (1) have to be confronted 
with the existing simulation attempts (2) to find out which modeling problems emerge 
- so that finally something for the development of a simulation language for social 
modeling can be learned (3). As with any modeling exercise, the importance of a 
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simulation tool derives from its capacity to go beyond a thorough meditation on 
already observed behavior, to produce something new and perhaps surprising. Note 
that modeling the emergence of entities involves itself innovation of modeling 
techniques. 



2 On Emergence 

The basic element of a model of any society is a social entity. History shows that at 
any moment in time a set of social entities for a given geographical area can be 
identified - but this set changes over time. A descriptive model thus can only start at a 
specified point in time, making an assumption on the prevailing, essential social 
entities. In other words, the basic assumption of methodological individualism has to 
be rejected. These social entities create, modify and exchange models of the society. 
They do so by the use of a language, which they share. The development of this 
language is a necessary ingredient of human societies, since it enables memory, 
consciousness and the experience of time. Again the language used at a certain point 
of time in history, of course stripped to its bare essentials, has to be assumed if one 
models a human society. A major difficulty that arises in models of language is the 
ability of language elements not only to refer to non-language items, but also to other 
language elements: they are sometimes self-referential. In fact any model of language 
is just an example of a self-referential language. In the sphere of language, where 
language elements only refer to other language elements, rules for the use of these 
elements will have to be agreed upon. These rules are the syntax of this language, 
they are a convention made by social entities. But using the language, using models, 
often implies the influence of models on the choice of action outside the sphere of 
language. Models thus might refer to non-language elements. This relation is called 
the first order semantics of a language. Extending the argument, language elements 
refering to a language element with first order semantics are said to have second order 
semantics, and so on. So while the communication of social entities is somehow 
bound to their non-language environment via first order semantics, compare [1], the 
growth of social entities relative to their environment implies a growing dominance of 
higher order semantics. Sharing higher order semantics thus enables social entities to 
locate certain informational areas which they commonly ‘inhabit’. 

But social entities not only communicate within themselves and with each other, 
they also are exposed to a historically determined metabolism - an exchange with 
their non-living environment that enables their physiological survival. Perhaps the 
most significant property of almost every strand of economic theory - though it is 
rarely made explicit - is the assumption that social entities use language and model- 
building mainly as a supporting tool for this metabolism. 

In a sense, the most extreme position was that of Friedrich Hayek, who held that 
the prices in a fully developed market system are all that is needed to guarantee the 
optimal support of the metabolism of a social entity: The price structure incorporates 
everything that is needed for optimal allocation of ressources, see [2], it replaces all 
other language - in everyday language ‘money speaks’. Prices in these theories are 
anonymously determined outcomes of auctions with given participants, the 
informational link between the social entity and its environment is as small and 
efficient as possible. The role of prices and their physical carriers, money signs, thus 
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becomes a kind of ‘natural’ system, quite independent and not contributing to the 
development of social entities whose language, now cut off from their metabolism, 
for them still is their characteristic property. In short, Hayek-type approaches cannot 
contribute to the current proposal, since they loose sight of the endogenous dynamics 
of social entities. More recent economic theory for the greater part still sticks to the 
assumption that the core problem of the metabolism can be cast as ‘allocation of 
scarce ressources’, and that the price signals for allocation auctions can be directly 
derived from predetermined preference orders of individuals. From this perspective 
any evolution of social entities is clearly out of scope. Nevertheless in the last two 
decades, model-building of social entities was taken more seriously in economic 
theory. It is treated under the label of ‘expectation formation’. From simple adaptive 
updating rules to sophisticated solution of differential equation systems many variants 
of language use have been postulated and tested in their interaction. The simplest 
case, and in a sense the extreme counterposition to Hayek, is the one assumed by the 
school of rational expectations: The true model of the social metabolism is the market 
model, every individual knows it and solves it to express its preference order with 
price signals. This indeed loads the burden of total information on each single entity 
instead of freeing it from expectation formation as was the case in Hayek’ s view. On 
the other hand the equivalence of the actual core problem of the social metabolism 
and the models individuals build, together with the assumed capacity to derive from 
these models exactly the same ‘correct’ price signals as in Hayek’s world, makes the 
rational expectations approach as pointless with respect to the emergence of social 
entities as Hayek’s. 

The most fruitful theoretical development for the purpose at hand seems to be the 
theory of strategic games. From the perspective of cooperative game theory, the set 
of social entities at a point in time can be interpreted as a set of coalitions[3]. But 
contrary to the usual assumptions in this body of theory, expected payoffs are 
computed by the bounded rationality models of the social entities. Furthermore 
payoffs are also subject to the working of the different metabolisms of the social 
entities. For any given coalition structure the choices of actions do change the 
achieved rewards. This is so because, contrary to mainstream economic theory, it has 
to be insisted that interaction takes place long before any auction process leads to 
equilibrium levels Allocation of scarce ressources therefore is just one aspect in a 
broader process of dynamic adaption, learning, communication, manipulation (see 
[5]) and intended optimization. Clearly any such system will run through equilibrium 
positions - either in the sense of supply equals demand or in the sense that expected 
values equal actually reached values - only sporadeously, induced by dynamic 
adjustments, general equilibrium being an extremely unlikely state. It is a model of 
general disequilibrium^. While the disequilibrium property generates continuous 
oscillations, it does not imply continuous emergence of new social entities. As already 
mentioned above a new coalition structure of lower level entities, i.e. emergence and 
vanishing of higher level entities, will only occur if a critical mass of old coalitions 
due to a continuous change in expected payoffs breaks up. In that way continuous 
change provokes sudden discrete events. More precisely, to model these ideas two 



' This point is developed more carefully in [4]. 

^ General disequilibrium models are not the current fashion in economics, though they gain 
ground, e.g. [6]. 
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game theoretic tools are combined: On the one hand the cooperative, coalition game 
given in characteristic function form is used, with the value of each coalition 
transformed into an expected value, which in turn is computed by an explicitly given 
(bounded rationality) model. An important aspect of this model is the use of time 
preferences, discounting expected future utilities. Contrary to the assumptions in 
standard economic theory, time preference of a social entity certainly changes over 
time. On the other hand instead of the use of an equilibrium concept like the core, 
elements of Stephen Brams ‘Theory of Moves’ (see [7]) are used to analyze a 
bimatrix game where each coalition has the choice either to continue or to break up. 
The second player in each of these games is always the complementary set of existing 
coalitions. To include the empirically most important attitudes towards risk, the 
utilities in the bimatrix games are based on mean-variance considerations. It fits well 
into the spirit of this approach that Brams’ theory insists on the importance of 
inherited settings and on the force of traditional behavior. 

From this perspective the hierarchy of social entities will come into turmoil only if 
the traditional structure is judged to be inferior by at least one coalition. The breakup 
of coalitions then sets free smaller social entities open for new combinations^. 
Clearly there is much room for cumulative effects and surprising new social entities. 



3 Towards a Prototype for Social Simulation 

Stating the challenges that a new approach is thought to master and to design a 
simulation prototype that meets these challenges are two different things. With the 
simulation tool HE, for a more thourough description compare [9], in principle all 
aspirations can be adequately incorporated - though at the price of rather demanding 
specification inputs from the side of the model-builder. In this prototype of a 
simulation environmet metabolisms of social entities are represented explicitely and 
are connected to each other as well as to an explicitely modeled environment. 
Metabolisms themselves might change over time due to endogenous forces, 
endogenous technical progress being just a specific example. Moreover 
communication between social entities is included in the simulation too. Learning 
thus does not only occur as some kind of Bayesian learning from the success of the 
interaction with the environment. There is also the possibility that social entities 
transfer models to others - be it to teach them something correct about their 
environment, or be it to maniplulate them to act favourably for the sender. Social 
entities thus ‘speak’ by the use of models. If one considers the importance of learning 
from other social entities relative to the learning processes that derive from direct 
interaction with the physical environment, it immediately becomes clear how 
important that feature of the simulation prototype is. 

Moreover the necessary computations to recognize possible break-ups of coalition 
structures - see the previous section - could not be incorporated within some 
reasonable constraints on information processing capacities if there was not the 
possibilty of communicating models. Indeed in many cases the communicated models 
can substitute the correct and empirically tested models completely! Social entities 



^ This is the term Schumpeter used in [8] to characterize innovations. 
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can base their actions on quite strange, more or less commonly believed models that 
escape any empirical validation - and they will continue to use them as long as long as 
a significant majority of metabolisms produces satisfactory results. This might sound 
strange to economists but surely is trivial for ethnologists. 

To enable the implementation of such a simulation environment it is necessary, or 
at least wise, to restrict the possible information processing abilities of modeled social 
entities right from the start. Indeed with communication at its disposal a social entity 
will store parts of its knowledge outside itself to avoid overflows of its memory. The 
design of the prototype thus evidently leads to the implementation of external ‘model 
stores’, that in HE are called ‘media’. With a common language the same medium can 
be used by different entities and different media can be compared by the same entity. 
In that way a new type of learning from external sources emerges. 

The great advantage of a simulation run of this type, once it is set up, is that a 
wealth of interesting results on a historically and empirically valid level can easily be 
generated. It differs from the currently flourishing ‘Artificial Life’ approaches^ in that 
it does not aim at spartanic behavioral traits of ever larger numbers of entities. While 
there is a necessity to keep things simple, it would mean to overstate this technical 
need if one substitutes the use of models of modeled social entities by simple 
stimulus-response functions. If reactions are not dealt with in a somewhat more 
sophisticated way, it is the implementation of learning that suffers. More detailed 
information on the algorithmic side of the prototype can be found in a compagnon 
paper to this contribution [9]. 



4 Conclusion 

It should be evident by now, that HE can provide results that are substantially 
different from those of other types of formal analysis. Though they are closer to 
empirical observations, they usually will be rather sensitive to changes in the rich set 
of specifications. In a sense they are more like metaphors for possible interpretations 
of the past or forecasts of future developments. Their very nature is to guide 
exploration rather than to present themselves as a unique, discovered law governing 
reality. 

With respect to the central question of this contribution, the emergence of social 
entities, this means that HE can help to discover prospective future social entities. 
Or, it can help to single out those social entities that are prone to be eliminated. This 
highly sensitive tool thus clearly transforms the world-view of the social scientists in 
a fragile, quantitative result that will induce the latter to regard his or her own role in 
the modeling process as active part: The observer is part of the model. In that way 
normative and objective findings by the use of HE can be digested as being 
permanently in a state of flux. With every simulation run and the implied newly 
emerging entities, the model-builder is confronted with the question if these expected 
entities are judged as good (and should be furthered) or as bad (and should be 
suppressed). The judgement itself, of course, should be derived explicitely from 
current preference orders of model-builders, a further hint at self-reference that not 



For an overview see [10], for an interesting recent example see [11]. 
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only comes back to the discussion of language, but also shows that self-reference 
tends to accumulate beyond every scope. 
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Abstract. The paper presents the concept of an interactive team-building tool 
for simulating social grouping. It shows how decisions whom to assign which 
task can be supported from a game-theoretic perspective. Thus the group 
member are modeled as social entities following their preferences and being 
able to resist against work distributions they do not want. The features of 
ITBT are deduced from the decision situation of a team leader being in charge 
for the work distribution and are described in more detail in the paper. 



1 Introduction 

The theme of the presented paper is how to support team leaders in their decision 
making processes on team constellation. As known from several organization theory 
contributions grouping is an essential part in organizations. In particular if the 
organization can be characterized by the necessity of building temporary project 
groups (see [1]), whereby groups refer to those parts in an organizational structure 
that support collaboration in terms of reaching and fulfilling corporate objectives 
(see [2]). Organization theory has treated the coordination problem in several 
different ways: While institutional economics and transaction cost analysis [3, 4] 
focus on the role of conflicting sub-goals in strict hierarchies, the clan paradigm [5] 
stresses the role of sharing values as way to obtain organizational cohesion. 
Nevertheless they do have in common that the assignment of people to tasks seem to 
be a coordination problem, even though it is accepted that there are several soft 
factors influencing the according decisions. 

Contrary to these approaches the presented interactive team-building tool starts 
from the assumption that it is necessary to take group dynamics into account and to 
allow for the modeling of subjectivity, a term explained in more detail in the 
following paragraphs. 

There is no doubt that the constellation of teams plays a crucial role in the 
economic field: the division of labor requires the distribution of several 
qualifications, therefore a group has to consist of people with according abilities in 
order to fulfil the group’s task. Evidently experience, routines and knowledge of the 
single group members are parts of one’s qualification profile. Normally the labor 
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process can be divided into single steps, each of them requiring certain 
qualifications. If the people have these abilities with no overlapping, it is rather 
clear, who has to do what. There is no space for discussion. Egger [6] argues that 
such settings can hardly be called ‘cooperative’. 

As soon as there are redundant abilities in a group, the question emerge to whom 
assign certain tasks, since more people can do the same job. Assumed that people do 
have ways to resist against work distributions they don’t want, this decision 
becomes crucial. In other words the assignment cannot be treated as a scheduling 
job, but is highly determined by group dynamics: phenomena such as power games, 
individual utility functions, conflicting interests, different preferences and the like 
do influence the performance of working teams. If people are dissatisfied with the 
jobs they have to do, the performance will decline. 

Following this basic idea computer support for social grouping has to take into 
account all the mentioned aspects as well as the problem of subjectivity. This means 
that a person in charge for the work distribution has to make decisions in a highly 
uncertain decision situation: Many of the mentioned aspects can just be anticipated 
very vaguely. In order to offer a decision making support, ITBT simulates the 
subjective view of him/her on the decision situation. By doing so a feedback loop is 
implemented: The results of the simulation serve as evaluation for the view or they 
can be used to compare it with reality initiating learning processes. 



2 The Decision Situation 

From a team leader’s point of view the distribution of tasks belongs to his/her job 
and has to be done. Furthermore it is a necessity in terms of division of labor and has 
to follow certain company’ objectives. This means that the decision situation on one 
side is determined by the company’s objectives, on the other side it is influenced by 
the group members and according dynamics. 

If the members of the organization are treated as entities with no possibility to 
react on the proposed assignments the decision situation can be modeled as 
optimization problem resulting in a work schedule following the company’s 
objectives (see e.g. [7]). As soon as it is assumed that the (human) group members 
do have their own view and ways to deal with proposed work distributions in a 
destructive way (in other words as soon as it is assumed that they do have certain 
power), their behavioral alternatives have to be considered in the decision situation 
(for the discussion on the role of conflicts see also [8]). This leads to the approach 
that there is an interaction between the person in charge for the work distribution 
and the group members as well as among the group members. Evidently the latter 
ideas lead to a game-theoretic modeling view: The decision (of a team-leader) whom 
to assign which tasks depends also on the expected actions of the group members 
(see [9, 10]). Clearly these expected actions of the team members depends on their 
utility functions - that are usually at least partially hidden from the team leader. 

The concept of the utility function in the presented case refers to a preference 
order which each team member has with respect to certain tasks. This preference 
order reflects many different influences such as expected salary, reputation, career 
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opportunity, but also status and power. Egger and Hanappi [11] distinguish between 
operational and inter-relation level of the decision making: while the former means 
the “objective matter-of-fact” issue - namely in terms of qualification and 
company’s objectives - the latter refers to the “backstage”, the group dynamic space 
(for a more detailed discussion see also [12]). 



The following figure presents the decision situation from a team-leader’s point of 
view. 




Fig. 1. Decision situation of a team leader representing visibility of qualification and utility 
functions of the group members 

Group member 1 as well as group member 2 (GMl, GM2) has a qualification profile 
which is partially known by the team-leader (TL), the person in charge of the team- 
constellation, even if the assessment of experience and routine might be uncertain. 
The ‘visible’ part of qualification consists of educational degrees, certificates of 
training courses and the like. Those documents (together with a CV) offer an 
impression of the consumed education. In connection with information on former 
working places and duration an imagination of the abilities of a group member can 
be built, even though the real know-how cannot be assessed by these data. The 
aspects concerning the “hidden” space of a group member can be defined as utility 
function (including expected utility from certain activities, preferences (concerning 
tasks and/or roles), interests (such as income, status, power, labor intensity)). All 
these parameters of the utility function stay hidden. Thus the team leader can only 
speculate. Even though working experience with people will expose some aspects of 
one” utility function (you probably can assess if one is interested in making career 
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or in social appreciation and the like), but it is difficult to catch more of the inter- 
related facets. 

Note, that the relation between the group members might be of informal type 
(expressible in form of a status-relation) or formal (expressible in form of a power- 
relation externally given). Status refers to the group value a member is ascribed by 
others. As a consequence a group member interested in getting higher status has to 
act strategically: E.g. One could offer to undertake jobs not wanted by others, even 
though it ranges at the end of the own preference list. 

Power refers to formal ways to restrict others’ action space. Informal power 
represents ways of coping with unwanted situations, e.g. spending more time than 
necessary for the completion of a task. 

It is assumed that there is a correlation between status and power: If the status of 
a certain team member is high enough it usually leads to a change in the power 
structure: Informally this group member will gain power, formally it will probably 
be useful in the eyes of a manager to adapt the power structure to the observed group 
situation. 

The team-leader has the problem to choose group members according to 
requirements of the job. If there exist redundant job qualifications group dynamics 
in terms of co-operation between the team members can be considered, too. 
Therefore the team leader has to make the choice on the basis of his/her imagination 
(i.e. model) of the group members. 

In order to improve the ability of a team leader to assess the constellation of 
group members, a simulation tool shall help to evaluate the assignment decisions 
made. 



3 The Features of the Interactive Team-Building Tool 

In order to support the team leader in this decision situation an interactive tool for 
team-building is designed which will simulate the decision situations as presented in 
figure 1 . The main idea of ITBT is to allow for simulating effects of certain team 
constellations by linking the operational level with the inter-relational level. In other 
words the group situation in terms of company’s circumstances as well as group 
specific internal dynamics is implemented. Assignments a team leader made are 
evaluated on the basis of the utility function of the group members. Therefore the 
evaluation of the decisions has to refer to the specific group specification. Note that 
this group specification represents the view of the team leader. Thus it is highly 
subjective and might not necessarily be a ‘good’ representation of the group. ‘Good’ 
means an accurate model of reality. Since the team leader is always uncertain 
concerning the utility functions of the group members, he/she shall learn to reflect 
on the own view. This is exactly the purpose of ITBT. 

In brief the ITBT consists of two main features, the group specification and the 
group member module which are presented in the following. Those features are 
linked to each other by the decision module. 

Group Specification: The group specification asks the team leader to model his/her 
view of the general situation of the group: The group task is represented as a Petri 
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Net showing the logic of the sub-tasks as well as the qualification required. The 
objective of the company has also to be expressed in terms of e.g. shortest 
completion time. 

The number of the group members as well as their position within the group’s 
hierarchy is made explicit. 

Group Member: A group member is simulated by a program: His/her profile can 
be determined randomly or specifically consisting of qualification, preference list of 
tasks, experience-index, social type (interested in power), and “resistance”-index 
expressing the power potential (i.e. how strong is the group member in acting 
destructively). 

There might exist several group members who are related to each other by a net 
of power respectively status. Power refers to the potential to force somebody else to 
follow a rule, while status represents the value of the person in the eye of the others. 
It is assumed that permanently growing status will lead to changes in the power 
structure (formally or informally). 

Moreover the interaction of utilities of group members can be specified: the 
utility of group member 1 might be perceived by member 2 and might enter member 
2’s utility function (positively or negatively), and vice versa. 

The group member specification allows for describing the different involved 
group members,- as many people are participating in the labor process as many 
programs are generated. 

Decision-Module: Group specification and group members serve as framework for 
the Decision-Module. The team leader is asked to make assignments and the 
simulation is started. The results are interpreted as criterion for the quality of the 
decisions. I.e. how ‘good’ is the view of the team leader, which group members did 
he/she describe accurately, whose utility function did he/she catch rightly and so 
forth. 

The interplay of the above mentioned features can be presented as follows: 




Fig. 2. The interplay of the components of ITBT: group specification, group member and 
decision module resulting in an evaluation of the team leader’s view 
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The interactive team-building tool serves as a learning device for people dealing 
with the described kinds of decisions. There is a particularly interesting issue of 
modeling social processes: As figure 1 shows the team leader is in a decision 
situation with a high degree of uncertainty concerning his/her model of team 
members. As a consequence he/she can only speculate on the utility function of the 
people. In order to assess his/her ability to catch reality, a tool is needed serving as 
mirror and allowing for reflection on the own view. ITBT acts as such a mirror in 
several ways: 

• Firstly, the user is forced to make his/her (very subjective) view of the decision 
situation explicit. 

• Secondly, the user is asked to express his/her model of the group members 
involved into the decision situation. 



• Thirdly, the tool allows for investigating the view by simulating certain 
decisions and assessing the results. 

• Fourthly, the tool highlights the influence of certain team constellations on the 
work schedule. 

ITBT shall improve decision making processes concerning work distribution by 
considering the operational as well as the inter-relational level in working teams. 
The applied learning method could be described in [13] terminology as “inner- 
feedback” that is reflective feedback to the user about his/her mental model. It 
implies judging the assumptions and increasing the understanding of the problem 
being studied. 



4 Conclusion 

Work processes change, at least in several organizational settings. Teamwork, 
flexibility, temporal project groups and the like are some notions describing the new 
ways of working together. These developments lead to critical decision situations for 
people being in charge for work distribution. It is well-known that certain team 
constellation may lead to unsatisfying results, while others might function very well. 
In order to provide team leaders with a learning tool, ITBT simulates the 
interdependence of group members based on the concept of utility functions. It 
shows which aspects play crucial roles in cooperative settings and it serves as mirror 
for the team leader. 
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Abstract. In this article, we want to demonstrate that data acquisition 
and processing are not only technical and information problem, but that 
they have to fulfil some sociological aspects, too. 

The data acquisition and processing is the part of a cybernetic system. 
However, nowadays it is too often identified only with an information 
processing system itself. Such a contraction is not harmful. However, by 
perpetuating it we lose a fundamental sense of the activity - it becomes 
incomprehensible and ‘art for art’s sake’. 



1 Introduction 

One of the main tasks exacted by a man on computer systems is data acquisition 
and processing. It is the result of a natural characteristic of human beings: the 
curiosity of the environmental world. Nowadays, we observe such a rapid increase 
of data acquisition and processing amount that it is often called an information 
explosion. 

Taking a part in emerging challenge, we work on new, faster computers and 
algorithms. Thus we collect more data and process it faster. In that untamed 
race, we have to decompose complex problems into simpler tasks in order to solve 
them {Descartes, Discours de la methode 1637). Focusing on their solution, we 
can clearly see only fragmentary goals, forgetting and losing the main purpose 
of our activity. 



2 Teleologies of Cybernetic Systems 

Cybernetics is the science concerning goal-oriented process solutions, fulfilling 
their demanded progress [11]. The goal-oriented sense of purpose is a paradigm 
of cybernetics [6], pointing the primordiality of contemplation over an activity. 
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Cybernetics is an interdisciplinary science that can combine rational and empi- 
rical methodologies. The second methodology uses to a considerable extent the 
notion of conceptualism. Therefore it does not negate the rationalism. 

Looking back in the history of cybernetics development, which is a rather 
new scientific discipline, indicates that its roots are in ancient times. 

Descartes had been searching for similarities in the machines, organisms, or 
communities. Looking back further - the Boole’s algebra or the ‘Yi-king’ binary 
logic - are the foundations for the modern data processing system. The ancient 
abacus was undoubtedly the early stage of computer [10], whereas the numerical 
Babylonian knowledge gives the beginning for computer science rather than for 
mathematics [8]. 

Referring to the names of researchers from the beginning of this discipline; 
[11] talks about “control and communication” (with the defined purpose but 
not only for the action necessity). Ashby [1], while building a Dispensive and 
Multistable System, accurately specifies that multistability is “the ability to 
reach balance by the whole system through the change of a goal”. Finally the 
‘Shanon mouse’, which learns by a trial and error method, realizes the fixed goal. 

The researches, changing in kaleidoscopic-like fashion, are mathematicians, 
philosophers or physiologists, mainly humanists having vast technical knowledge. 
These people in particular, bringing their impression on cybernetics, finally gave 
to cybernetics its teleological character. Cybernetics without this character is a 
science without the fundamental principles. 



3 Creative Data Acquisition and Processing 

Data acquisition and processing are the processes that have been in the centre 
of importance for ages. The history of our civilisation’s progress shows us how 
differently they can be realized. For example the Egyptians took note of events 
occurring in the sky and in nature. Thereafter, they drew conclusions in accor- 
dance with the principle ‘similar after similar’. The collections of such notes from 
the periods long enough had made possible to predict many phenomena [9] . To- 
day, for example, we similarly forecast weather. The empirical methodology (we 
talk about it here) is not without merit. Induction techniques, experimenting or 
concluding on the basis of data collection, clearly contradicts this. 

On the other hand, rationalism, especially in the course of building algorithms 
of data processing problems solution, is that part of cybernetics that has been 
inherited from mathematics. Looking back at history of science development re- 
lated to cybernetics suggests one more characteristic feature of that process: co- 
existence and common diffusion of the two trends i.e., the practicians-inventors 
and theoreticians-prophets. We can mention here many surnames, for example 
Pascal calculators - to Leibnitz’s theories, the counting machine of Schickard 
- to Keppler’s Rudolphian Tables, analytic machine of Babbage - to Boolean’s 
algebra, computers of Konrad Zuse - to the machine model of Turing, computers 
of Atanasoff - to Wiener’s memorandum. 

The data acquisition and processing are contemporary typical tasks for com- 
puter systems. 
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Computer science, having its roots in mathematics, is based on the algorithms 
development that can solve numerical and symbolic problems. It technically 
realizes the developed algorithms. The widespread use of a computer improves 
the possibility of the algorithms’ technical realization. Simultaneously, computer 
science leaves the structures and schema of proving that stem from mathematics. 
“The most crucial feature of the applied algorithms is a fact, that most of them 
haven’t got any proof of correctness and nobody cares to fulfil it” [9]. 

The commonness of a computer in data acquisition and processing is not 
detrimental. However one must not give in to the pressure of an activity (vide 
motto) . We have to remember the purpose it serves and to look for motivation of 
an activity, to justify and to compare the results obtained with our expectations. 

So, how to understand the ‘creative data acquisition and processing’ is the 
matter of our consideration. 

Pascal constructing his ‘computing machine’ had shown how to connect em- 
piricism with abstraction. Leibnitz in 1671 had directly written “it’s not proper 
for eminent people to waste their time on slavish work, on calculations, which 
could be done by anybody with the use of machines”. 

It is impossible to determine how long Kepler would have worked in Linz 
on Rudolfian’s Tables showing the planets’ movement, if he had used Nepper’s 
‘sticks’ and not Schickard’s ‘calculus machine’. No doubt, however, that the 
machine had sped up only calculations and the astronomer’s intellect had been 
the ‘creative factor’. 

The similar suggestions occur when we analyze the works on the analytical 
machine of Babbage or the logic machine of Turing. Also in Wiener’s works we 
cannot find anything presuming that the main component is a machine. Crea- 
ting general theories of communication and data processing, Wiener punctuated 
moral and social conditions what were written in his work [12]. “Using of human 
beings only like sources of energy seems like their degradation and dooming to 
galleys, but forcing people in the factories to the repeatable jobs with the use 
of only one-millionth part of their intellectual potential, is equal to dooming 
them to the same degradation. Unfortunately, it seems simpler to build facto- 
ries, which demand a very small amount of human abilities, than to build the 
world, where people could entirely develop” . 



4 Multistability and Feedback Theory 

Leibnitz, while giving the lecture at the Paris Academy of Science in 1702 on 
the binary arithmetics, was clearly pointing at the tract “YUking” (3000 BC) as 
his source of inspiration. That esoteric binary language relies on two fundamen- 
tal rules: “Yang” - primary and “Yin” - complementary, which stimulate each 
other’s progress. The accurate conditions of progress need the co-existence and 
balance of these two elements. 

We also know the European roots of feedback described by Bertalanffy [3]. 
Nikolaus von Kues (XV-th century) introduced the concept of coincidentia op- 
positorum, “antagonisms, battles between unique parts of the whole”, which still 
create entity of higher category. 
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Creative data acquisition and processing need that gentle balance between a 
computer and a man operating it. This is the balance between speed (and also 
the primitive nature) of acting and intellect with association variety. 

A computer is a tool for a man as fundamental as a microscope is for a 
biologist. It is the tool that enlarges man’s capabilities [7]. But, it is a mad 
dream to expect that the microscope substitute human eyes; it only intensifies 
them. To get such an intensification, it is necessary to provide both ‘sage’s eyes 
and a glass’. Only working together can they give impressive results. As a matter 
of fact, that is Aristotle’s “the whole is more than a sum of its parts” . 

The data acquisition and processing is similar - it does not exist only for 
itself but first of all for the interaction between the two activities. Since data 
acquisition develops our knowledge about what the surroundings are, data pro- 
cessing uses that knowledge to create what the activity should be (feedback). 
Only the balanced co-existence of these two elements tells us what things are 
and how they work. 

When building systems of data acquisition and processing, we should use both 
analytic and synthetic methods. This means that with specifications how the 
system works, we should give the specifications of goals it realizes and describe 
the system’s purpose. 

There are many situations when goaloriented methods allow for the aggre- 
gation of information. Our task is the realization of goal-oriented feedback in 
a data acquisition and processing system. Thus we must exhibit active rather 
than passive behavior as elements of the system. Ashby [7] points that the in- 
formation needs rapidly increase if we liberate interactions between the system’s 
elements. He also proposes that “after we have won a battle in common interac- 
tion allowance, we should learn the moderation in its usage” . One who realizes 
the feedback in a system of data acquisition and processing, should control this 
level of mentioned above with moderation, ensuring the information system’s 
stability. 



5 Conclusions 

The computer has been introduced to a civilisation with a strict aim, perhaps not 
always clearly articulated by its creators. That aim is the intellectual progress 
of a man and our civilisation. Ashby states directly [2] that “a computer is the 
amplifier of a man’s intellect” . One should not forget it, especially when there are 
proposed new applications of those tools. It was never the intention of Wiener to 
build “new factories, new galleys” , where the tool is a computer forcing people to 
do the repeatable jobs with the use of only one-millionth part of their intellectual 
potential. 

The existence of feedback is a necessary condition for the system’s stability 
[2]. In data acquisition and processing, the role of feedback is played by us. Our 
activities cause data to be separated (having no designation) from information af- 
ter the interpretation transformation. Wiener, while discussing information says: 
“the process of getting and using information is the process of our adaptation 
to various circumstances of surroundings and active life in it” . 
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When we destroy the feedback connection, we induce instability. Thus, when 
we eliminate a man from data processing and acquisition process, we irrevocably 
establish instability of information systems. 

With the use of computers, we can collect and process more and more data, 
we gather them, enlarge our archives and computer memories, but we cannot 
know if anybody can analyse such vast material. Maybe just like the XIXth 
century was called the century of steam, our XXth century will be called the 
century of huge amount of information that nobody needs. 

Synthetic vs. analytic, and a man vs. machine dichotomies have similar mea- 
nings. The first characterizes the whole while the second singularity, local events. 
Dichotomy provides equifinality rather than stability of a system [4] , which pro- 
ves homeostatic conditions of it (Ashby). 

The reason for a violent expansion of communication processes is the distur- 
bance of feedback between the man and the machine. It yields to the instability 
of the contemporary information system, which can be seen nowadays as infor- 
mation explosion. We are the subjects of data acquisition and processing, since 
the information is for us. Thus, we must take an active part in that process. 

The information system has the homeostatic property. Taking into account 
quantum limitation of the information processing speed [5], we can be sure that 
a machine will never be more intelligent than a man who has built it. There is, 
however, a pessimistic version: the man after he builds the machine, will bring 
himself to the degradation of his intellect lower than the machine’s level. 

We have no choice; ‘be optimistic’ is our imperative. 
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Abstract. This paper studies the concurrent simulation of DEVS sy- 
stems by using their encoding into a formalism for dynamic systems 
called Generalized Magnitudes (CM). When represented with GMs, the 
internal parallelism of a DEVS model is foregrounded and the concurrent 
inference techniques developed for the GMs formalism can be applied to 
speed up simulation. This approach is used for both atomic and coupled 
DEVS models, and does not require the modeler’s intervention. The in- 
ternal structure of a typical DEVS control system is identified, so that 
the scheduling algorithms can be adapted for further efficiency improve- 
ment. 



1 Introduction 

Discrete Events Simulation Systems (DEVS) is a formalism intended for di- 
screte event systems modeling [8,9]. It is based on Systems Theory, and provides 
a methodology for modular and hierarchical modeling. Previous studies have 
established the relationship between DEVS and Generalized Magnitudes (GMs), 
a formalism for reasoning in dynamic domains. A first translation from DEVS 
models to GMs was presented in [5] and was extended allowing simulation of 
DEVS models in [4]. Besides, a scheme for making concurrent the execution of 
GM’s inference method was introduced in [1]. In this paper we relate these works 
and study the applicability of the concurrent inference scheme to the concurrent 
simulation of DEVS systems. 

The GMs formalism can be used both for the encoding of the internal be- 
havior of each atomic DEVS model and the representation of the interactions 
among components of a coupled DEVS model. The resulting representation in 
GMs has a modular shape which shows the internal parallelism of the system, and 
allows for fine-grain parallelization. We will recall the interesting properties of 
the GMs formalism for DEVS modeling, including homogeneous representation 
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of transitions (internal and external), the partition of the transition function — 
which is introduced in each variable definition — and the integration of the time 
advance function into the expression of the transition function. 

In [1], a scheme for aplying concurrency to the GMs inference process was 
presented. It was developed for speeding up the inference in a multiprocessor 
environment with shared memory, without requiring user intervention. Several 
scheduling algorithms were studied, all of them based on simple heuristics derived 
from structural properties of the expressions involved in the inference. 

These concurrency algorithms for GMs systems can, therefore, directly be 
applied to atomic or coupled DEVS systems encoded in GMs. Since the GMs 
formalism is used for representing the whole DEVS model, the scheme exploits 
not only the parallelism among coupled components, but also the internal par- 
allelism of each component. 

This paper is organized as follows. In the next section we present a survey of 
the DEVS and the GMs formalisms, and how DEVS models can be translated 
into GMs. The scheduling techniques developed for concurrent evaluation of 
systems modeled in the GMs formalism are explained in section 3. Section 4 
will show how these techniques can be applied to the particular features of 
DEVS systems in order to speed up the simulation. In section 5 we focus on 
the concurrent simulation of coupled DEVS systems. Finally, we discuss some 
related work and present our conclusions. 



2 Relating the Two Formalisms 

A DEVS system is defined by seven parameters {X, Y, S, 5ext, Sint, A, to), where: 

— A is the set of external events. 

— V is the set of outputs of the system. 

— S' is the set of sequential states through which the system can pass. In DEVS 
systems there are usually two special state variables called phase and ct re- 
presenting the global state of the system, and its corresponding time, res- 
pectively. The a variable allows defining the time advance function ta. 

— 6ext is the external transition function, that defines the next state of the 
system given the current state and an external event. 

— Sint is the internal transition function, that yields the next state of the system 
given the current state and without need of any external event. 

— A is the output function, that provides the outputs the system yields before 
an internal transition occurs. 

— ta is the time advance function, that assigns to each state the amount of 
time that must elapse to reach the next internal transition. 

Therefore, a DEVS system evolves along time due to either an internal or an 
external transition. External transitions are due to external events, and internal 
transitions happen when a certain amount of time (which depends on the current 
state) has elapsed since the last transition of the system. Just before an internal 
transition happens, the system yields the corresponding outputs. A collision 
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occurs when an internal and an external transition happen simultaneously; in 
this case, a select function chooses between them. 



initial conditions 

initial phase: WAIT 
initial sigma: tmin(Pl) 
initial checkstate: PI 

external transition 

when receive value on sensor-port 
case of : phase 

WAIT : hold-in EARLY 0 

WINDOW : if value = expected (Pi) 

then hold-in SEND-COMMAND 0 
else hold-in ERROR 0 

internal transition 



case of : phase 

WAIT : hold-in WINDOW window (Pi) 

WINDOW : hold-in LATE 0 

SEND-COMMAND: set checkstate = next (checkstate) 
hold-in WAIT tmin (next (Pi)) 

ERROR : passivate 

output function 



case of 



phase 
EARLY : 
SEND-COMMAND : 
ERROR 
LATE 
else 



send "(Pi) input arrived too early" to error-port 
send control command (Pi) to command port 
send "(Pi) error in sensor value" to error-port 
send "(Pi) input arrived too late" to error-port 
send null message 



Fig. 1. DEVS specifications of a typical control system 



Figure 1 shows an example of a generic control DEVS system taken from [8]. 
The system processes the inputs received from a sensor, and takes one of several 
checkstates depending on it. The inputs X must arrive inside a time window 
(tmin) in order to be considered valid, and there is an expected function that 
decides if the input is expected in the current checkstate. If an input arrives out 
of the time window, the system generates the corresponding error message. The 
internal and external transitions obtain the next state, that is captured by the 
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phase state variable, and set the lapse of time ta (time advance function) for the 
next internal transition. The ta value plus the time of the last transition tlast 
provides the time value for the next internal transition tnext. When the elapsed 
time e equals the ta value, an internal transition occurs. Finally, an output Y is 
produced just before an internal transition is done. 

As for the Generalized Magnitudes formalism, it is a formalism for dynamic 
systems with a modular representation of the system. The basic unit of know- 
ledge representation is the generalized magnitude (GM), defined by a name, the 
set of possible values it can take, and a Knowledge Expression (KE) that deter- 
mines what (single) value is assigned to the GM in each evaluation of knowledge. 

The evaluation of the system’s knowledge takes place at discrete time in- 
stants, although located in a continuous time basis. Each evaluation starts when 
a GM becomes pertinent^ that is, when it receives a new value. A GM can receive 
an new value due to external events, due to references to the special temporal 
identifier now — that represents the current time — or due to the evaluation of its 
KE. Together with pertinence, the system applies inertia for the non-pertinent 
GMs, so that they preserve their values from the previous evaluation. 

Once introduced the basic concepts of the GMs formalism, we present a 
summary of how a DEVS system can be modeled under this formalism (see [5, 
4] for a more detailed study) : 

~ The external events will be implemented as GMs without knowledge expres- 
sion. 

— The outputs of the system will be implemented as final GMs, i.e., GMs which 
are not referred in the KE of any GM. 

— The state variables will be represented by GMs. We will distinguish the GM 
phase for representing the state of the system. 

— A transition, either external or internal, corresponds with an evaluation of 
the knowledge in the system, i.e., with the evaluation of the KE of all the 
pertinent GMs at a given moment. External transitions are directly transla- 
ted as consequences of the input events. In order to implement the internal 
transitions, it is necessary to define a GM tnext relating the next time point 
where an internal transition will take place. 

— The output function is implemented in the knowledge expressions of the 
GMs that represent the outputs of the system. 

— The Time Advance Function (ta) is another GM which depends on the global 
state of the system, and determines the time for the next internal transition 
(GM tnext). For the sake of simplicity, we will omit the cr state variable on 
which the ta function depends, and we will use instead directly a GM called 
ta. 

The GMs formalism forces an homogeneous representation of DEVS models. 
The input, output and state variables are represented as GMs, and both the 
internal and external transition functions are represented as knowledge expres- 



sions. 
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The translation of the previous DEVS example into the GMs formalism, 
using the equivalences presented before, is shown in Figure 2^. The phase GM 
obtains the state of the system for a given previous state, transition, and input, 
as well as the output GM represents the output of the system, and the GMs e, 
tlast and tnext contain the elapsed time, the time of the last transition and 
the time for the next transition, respectively. 



3 Concurrent Evaluation in the GMs Formalism 

As explained before, [1] has studied the concurrent execution of systems repre- 
sented in GMs in a shared memory multiprocessor. This study was based on 
the modular structure of the knowledge representation scheme provided by the 
GM formalism, and it allowed to make the parallelization process transparent 
for both designers and users. Several scheduling policies to achieve an efficient 
parallel execution were shown for a broad spectrum of expert systems. 

The knowledge execution is done as an ordered evaluation of the KE of the 
system. A knowledge expression consists of references to other GMs and constant 
values, combined with boolean, mathematical and conditional operators, and 
the previous operator for accessing the previous value of a GM. Each reference 
of a GM in the KE of another one establishes a dependence between them. 
Obviously, the order of evaluation is restricted in the sense that an expression 
cannot be evaluated until all the values for its dependences are available. The 
global ordering can be represented by a dependences net, which is defined as 
a directed graph where each node represents a GM, and each arc < A, B > 
represents a dependence, i.e., a reference to GM A in the knowledge expression 
of GM B. The result is a graph that captures the ordering constraints imposed 
by the references among GMs in their knowledge expressions. 

The dependences net can be arranged in layers, defined as a set of GMs that 
do not have direct or indirect dependences among them. For our purposes, we 
define for each GM a layer number as the length of the longest path from that 
GM to any final GM. The layer width, i.e., the number of GMs in a layer, is a 
measure of the quantity of work that can be done concurrently. 

The concurrent evaluation scheme for GMs tries to use all the available pro- 
cessors. Each processor takes a GM from a shared ready queue and evaluates 
it. Next, it marks all the GM’s outgoing arcs in the dependences net as solved. 
If a solved arc makes ready a GM, this GM is introduced in its turn in the 
ready queue. With this simple scheme all the processors share their work, and 
synchronization is mainly needed for accessing the central ready queue. 

Together with this scheme, we apply the concept of pertinence previously 
defined. The non-pertinent GMs will preserve their values from the previous 
evaluation. Therefore only those GMs that depend directly or indirectly on the 
inputs must be processed. The scheme drives, in this way, the processors to 
compute exclusively the GMs whose values may change. This yields a significant 



^ See [4] for a more detailed explanation. 
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GM phase (Initial Value: WAIT) 

Knowledge Expression: 

WINDOW if previous (phase) 

LATE if previous (phase) 

WAIT if previous (phase) 

PASSIVE if previous (phase) 

EARLY if previous (phase) 

GM chstate (Initial Value: PI) 

Knowledge Expression: 
next (previous (chstate) ) if phase = WAIT; 

GM Output 

Knowledge Expression: 

"send command" if phase = WAIT; 

"error message" if phase = PASSIVE; 

"late message" if phase = LATE; 

"early message" if phase = EARLY; 

GM e (Initial Value: 0) 

// time elapsed since last transition 
Knowledge Expression: 
timeof (now) -previous (tlast) ; 

GM tlast (Initial Value: initial-absolute-time) 

// time of the previous phase change 
Knowledge Expression: 
timeof (previous (phase) ) ; 

GM tnext (Initial Value: initial-absolute-time) 

// time of the next transition 
Knowledge Expression: 
tlast+ta; 

GM external (Initial Value: false) 

// indicates if there is input 
Knowledge Expression: 

true if timeof (now) =timeof (value) ; 

false ; 

GM internal (Initial Value: false) 

// indicates if there is an internal transition 
Knowledge Expression: 
true if e=prev(ta) ; 

false ; 

Fig. 2. Translation into GMs formalism 



= WAIT and internal; 

= WINDOW and internal; 

= WINDOW and external and 
expected (value) ; 

= WINDOW and external and 
unexpected(value) ; 

= WAIT and external; 
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speedup of the evaluation, since it is known that the subnetwork actually affected 
by change is usually a small part of the whole network. 

The dependences net is also fundamental for the task scheduling during the 
inference process. The aim is to finish the inference as soon as possible, making 
use of all the available processors. To this end, it is necessary to select in each 
moment the most appropriate GM for execution, from the ready ones. This 
selection can be done following different criteria, as for example the layer number, 
the number of dependences, and the estimated evaluation time. These criteria, as 
well as their combinations, and their performance results with different number 
of processors were studied in [1] . 

The layer number criterion selects the GM with highest layer number. The 
aim is to process GMs belonging to the longest paths first, because they are 
supposed to delay the processing of the whole net. On the other hand, the number 
of dependences criterion selects firstly the GM with more outgoing arcs, because 
it will likely provide more work to the processors. Another criterion combines 
the two preceding ones, and selects the GMs with highest layer number, and 
among these, the one with more outgoing arcs. Finally, several criteria include 
the selection by estimated evaluation time, which is based on the idea that a 
GM with high evaluation time yields a higher delay for all the GMs depending 
on it. 

The better simulation results were obtained by the scheduling algorithms 
that included the criteria of estimated evaluation time or the layer number. For 
instance, the HLFET [1] scheduling algorithm combined these two criteria, by 
selecting the GM with highest evaluation time for any path to any final GM. 
This criterion reached the highest efficiency: up to 80% for generated KBs, and 
up to 90% for a reduced set of real KBs. The second algorithm regarding its 
performance, was the one including the layer number as first criterion, and the 
evaluation time as the second. 

4 Concurrent Simulation of DEVS Systems Represented 
in GMs 

This section is devoted to analyse the structure of the dependences net for a 
typical DEVS control system represented in GMs. The selection of the scheduling 
policy and its improvements will be done based on this analysis. 

Figure 3 represents the dependences net resulting from the translation of 
a generic DEVS control system into the GM formalism. It is easy to identify 
all the parts of the system: inputs (V), outputs (Yi), state variables {Si, for 
instance, chstate in Figure 2), state (phase), the select function (select), and 
several GMs intended for time management (now for clock, e for elapsed time, 
ta for time advance, tlast for time of last transition, and tnext for time of 
next transition). The select function depends on two subfunctions: one that 
detects when an internal transition occurs (internal), and another for detecting 
external transitions (external). The boxes stand for sets of GMs whose number 
and structure may vary from one DEVS model to another. 
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Fig. 3. A generic DEVS system modeled using the GM formalism 



The general structure of these systems can also be identified. Three parts 
may vary for each particular DEVS model depending on the desired behavior: 
Xi, Si and Yi. But the rest of GMs corresponding to time, state and transition 
management will always be present. 

The dependences among GMs are represented by two different kinds of ar- 
rows: regular arrows for usual dependences, and dashed arrows for those depen- 
dences modified by the previous operator. In the picture the different layers 
can be identified, each one containing a set of independent GMs. 

The structure of this dependences net has the shape of a big X, where the 
phase GM is located in the cross-point. This means that the amount of work for 
processors will decrease from the starting points to the middle point, and just 
after it, it will grow to the final points. 

Note that since the dashed arrows represent references to the previous ope- 
rator, which obtains the value of a GM in a previous evaluation, they do not im- 
pose restrictions for evaluating GMs, because all the previous values are available 
when a new execution starts. Therefore, these arrows will not be considered as de- 
pendences for the concurrent evaluation. This is also the reason why they do not 
constitute cyclic references in the structure (for example internal-phase-ta). 

In Figure 4, a concurrent execution of the previous example using three 
processors is presented. We use the layer number scheduling algorithm, which 
selects from the ready GMs those with highest layer number. Initially, the ready 
queue contains e, external and Si. Applying the algorithm, e and external 
are selected by processors 1 and 2 due to their layer numbers. Meanwhile, the 
third processor starts the evaluation of elements from the Si subnet which do not 
depend on select. The execution of e makes ready internal, which is selected 
next. After this, the three processors focus on the Si subnet. The execution 
continues as represented in the diagram. 
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Processor 1 


e 


internal 


seleet 


Si... 


phase 


tlast 


tnext 


Yi... 


Processor 2 


external 


Si... 




ta 


Yi ... 


Processor 3 


Si... 




Yi ... 



Fig. 4. A possible schedule for the simulation of a DEVS model using two processors 



We improve the concurrency by evaluating at the same time the common 
and the specific parts of the system. The initial layers of the structure have 
few GMs, so little work could be done concurrently. But a detailed study of the 
structure shows that the initial layers can be done concurrently with part of the 
Si subnet, particularly with those GMs that do not depend on the select GM. 
The situation is analogous in the final part of the net, where the ta, tlast and 
tnext GMs can be evaluated concurrently with the outputs 

The dependences net of the example presents several difficulties for its con- 
current simulation. The most obvious one is that it has a layer with only one 
GM: the GM named phase. Therefore, only one processor will be busy when 
this layer is in progress. In order to reduce the impact of this forced break in 
the processor usage, we try to occupy all the processors just until the evaluation 
of phase begins. This is done by delaying the processing of GMs with lowest 
layer number as much as possible. The layer number criterion is adequate for 
this problem, because it drives the execution of the net by evaluating the set of 
GMs layer by layer. 



5 Concurrent Simulation of Coupled DEVS Models 
Represented with GMs 

The coupled DEVS model is represented in the GMs formalism by a set of GMs 
for each atomic DEVS model plus additional GMs that represent the interface 
among them [5]. The connections are made by modifying the KE of the input 
GMs of the DEVS models that receive outputs from another model. The KE 
contains now the name of the output GM of the model from which it receives 
the value. This representation introduces a restriction for the modeler, because 
he(she) should not reference GMs of different subsystems, apart from those re- 
presenting connections between subsystems. 

The concurrent simulation of the coupled DEVS model does not involve spe- 
cial difficulties when represented in the GMs formalism. The fine-grain concur- 
rent evaluation scheme developed for the GMs formalism can be applied direc- 
tly. Several atomic DEVS models will be evaluated concurrently, following the 
scheme explained in the previous section. In Figure 5 a coupled model with five 
atomic models A-E is represented. The A and G models can be executed sha- 
ring all the processors, as there are no connections between them. And when 
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one model finishes its evaluation, the following one will start its evaluation. In 
the example, if model A requires more time for its evaluation than C, then the 
execution of model D will start even though model A is still being evaluated. 




Fig. 5. A coupled DEVS system 



The mechanism for concurrent evaluation of GMs does not actually distin- 
guish different atomic DEVS models. It processes each component’s GMs as if 
they belonged to one single DEVS system. A large dependences net is built, and 
the concurrent execution uses available processors for progressing through this 
net. The ready queue will contain pieces of work (GMs) belonging to different 
atomic DEVS models, and the processors will execute it using the scheduling 
algorithms presented in previous sections. 

The simultaneous occurrence of multiple external and internal transitions is 
managed taking into account the influences among components. Multiple inputs 
can be introduced giving values to several Xi, making them available for the 
external transition. However, if multiple internal transitions are scheduled, an 
implicit order is established. Firstly, the components whose inputs are not affec- 
ted by the outputs of other scheduled components are processed. Then, although 
in the same evaluation, the rest of components are processed since they have all 
their inputs available. For instance, assume that in Figure 5 components A and 
B have simultaneous internal transitions. In that case, component A starts its 
evaluation first, and component B is evaluated afterwards. Note that compo- 
nent A has an internal transition, while component B has an internal transition 
together with an external one (due to the output of A). 

If there are cyclic dependences among components, the current translation 
into the GMs formalism will assign the value unknown to all the GMs, because 
the system does not have enough information to solve the cycle. Of course, this 
problem can always be overcome by introducing a general select function for 
the coupled DEVS model. Each component’s select function would use the value 
of this function in order to determine what component has been selected for 
executing its internal transition. 
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6 Discussion and Related Work 

The Revised DEVS formalism presented in [2] increases the parallelism of the 
formalism allowing multiple input events and simultaneous internal transitions. 
The select function is replaced by a confluent transition function that leaves 
up to the modeler the description of the system behavior when a collision between 
the internal and external transitions occurs. Among the possible instances of this 
function, it is proposed that the external transition is done just after the internal 
one. 

The GMs formalism also allows exploiting this type of parallelism. For ex- 
ample, it is possible to give values to several input GMs at the same time for 
representing simultaneous input events. Gomponents with simultaneous internal 
transitions can be concurrently executed if they have no dependences among 
them. Otherwise, the dependences net will guide the concurrent evaluation. 

The distributed simulation of DEVS models has been studied in [6]. In this 
work by Praehofer et ah, an algorithm which uses conservative and optimistic 
strategies is presented. It computes input time estimates for each atomic com- 
ponent in order to know when event processing is safe. Our work differs from 
theirs in several aspects. For instance, we simulate only conservatively, our par- 
allelization deals with finer grains, and we consider the possibility of parallelizing 
the execution of one atomic DEVS model. Besides, instead of requiring the desi- 
gner to decompose the whole model into clusters to run on different processors, 
our approach does all the work in a transparent way, with no designer or user 
intervention. 

The identification of the structure for DEVS models represented in GMs 
yields interesting benefits. One of them is that the scheduling algorithms can 
be modified for improving performance when a system of this structure is being 
executed. A similar approach is presented in [3,7], where the specific properties of 
each task are exploited in the verification and validation process of a knowledge 
based system. This proposal allows for a more detailed verification that includes 
task specific properties. Furthermore, it allows the verification of the knowledge- 
based system against a specification of the intended behavior and, consequently, 
repairing actions can be suggested. 

7 Conclusions 

We have shown how the choice of the GMs formalism for representing DEVS 
systems allows for their efficient and concurrent simulation. On the one hand, 
the modular representation of knowledge allows an efficient simulation thanks to 
the identification of the part of the model affected by change. On the other hand, 
it exposes the internal parallelism of the DEVS model, that can be exploited by 
the concurrent execution techniques developed for the GMs formalism. 

The concurrent execution scheme presented in this work is powerful enough 
to make an efficient parallelization of both atomic and coupled DEVS models. 
It exploits the internal parallelism of the model, and therefore, it does not re- 
quire any intervention of the designer or the user. Finally, the identification of 
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the structure of a generic control DEVS model allows for efficient scheduling 
algorithms. 

Several lines remain open. The concurrency techniques could be improved 
if several evaluations were allowed to occur at the same time, but a detailed 
estimation of the time for the next transition must be done in order to avoid 
wrong computations. Besides, the identification of structural patterns in the 
dependences nets for specific systems could provide new efficiency improvements 
by means of adaptations of the scheduling algorithms. 
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Abstract. Motivated by a typical and well-known problem of neurobio- 
logical modeling, a parallel algorithm devised to simulate sample paths of 
stationary normal processes with rational spectral densities is implemen- 
ted to evaluate first passage time probability densities for time-varying 
boundaries. After a self-contained outline of the original problem and of 
the involved computational framework, the results of numerous simula- 
tions are discussed and conclusions are drawn on the effect of a periodic 
boundary and a Butterworth-type covariance on determining quantita- 
tive and qualitative features of first passage time probability densities. 

1 Introduction 

The purpose of the present paper is to focus on the determination of the proba- 
bility density function (pdf) of the random variable (rv) representing the instant 
when for the first time a dynamic system enters a preassigned critical region of 
the state space. Our attention will be devoted to the instance in which such a 
region collapses into one single point, while the system is described mathema- 
tically by a one-dimensional stochastic process. This is a typical first passage 
time (FPT) problem, of the kind that has been massively approached by us in 
the past to model single neuron’s firing problems. To pinpoint the relationship 
existing between an FPT problem and the mentioned neurobiological example, 
a few considerations are in order. 

As is well known, neurons are subject to ceaseless stimulations due to the 
bombardment of inhibitory and excitatory signals that in many cases impinge 
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on them according to random time sequences. If the sum of the net excitation is 
such that a change in the membrane potential higher than a certain threshold 
voltage occurs, then an explosive process starts, that ends in an electrical event 
called a “spike” . The resting potential of the neuronal membrane is then resto- 
red within a few milliseconds. This situation corresponds to an FPT problem 
for the associated stochastic process X{t) representing the membrane potential 
between two consecutive neuronal spikes. The initial voltage, namely the reset 
value following a spike, is often assumed to be equal to the resting potential 
X{to) = xo- The threshold potential is denoted by the deterministic function of 
time S{t), with S{to) > xq- Then the theoretical counterpart of the interspike 
interval is the FPT rv defined as 

T = inf {t : X{t) > S{t)} , X{to) = xq < S{to) ■ (1) 

t^to 

Therefore, the reciprocal relationship between the firing frequency and the in- 
terspike interval naturally leads to the problem of characterizing the pdf of T, 
namely the function 

g[S{t),t\xo,to] = ^^P{TSt) . (2) 

The birth of this research area, on quantitative grounds, stems out of a classical 
paper [7] in which the authors invoked a diffusion process as responsible for 
the fluctuations of the membrane potential under the assumption of numerous 
simultaneously and independently acting input processes. They were able to 
show that, by suitably choosing the parameters of the model, the experimentally 
recorded interspike interval histograms of numerous units could be fitted to an 
excellent degree of approximation by means of the FPT pdf of a Wiener process. 
However, despite the excellent fitting of some data, this neuronal model has 
been the object of various criticisms [13], particularly because of the absence 
of the well-known spontaneous exponential decay of the neuron’s membrane 
potential occurring between successive spikes. Ever since, alternative stochastic 
diffusion models have been proposed in the literature, aiming at refinements and 
embodiments of other neurophysiological features (see [9], [10] and references 
therein) . Among these, the most famous is undoubtedly the Ornstein-Uhlenbeck 
(OU) model (cf., for instance, [9]). 

Differently from the mentioned Wiener model, FPT problems for the OU 
process are in general very complicated so that cumbersome computations have 
traditionally been performed in the literature to come to some reliable evaluation 
of the statistics of the firing time. A breakthrough was provided in [2] where an 
efficient procedure was devised to solve a nonsingular Volterra integral equation 
in the unknown FPT pdf, thus obtain accurate numerical evaluations. Such a 
procedure holds for the general case of time-varying boundaries, for arbitrary 
diffusion process and, as recently shown, also for Gauss-Markov (GM) processes 
(cf. [5]). 

Diffusion models and, more generally, GM processes, rest on the strong Mar- 
kov assumption, which implies the possibility of making use of various existing 
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analytic methods for the FPT pdf evaluation. However, it is conceivable that, 
particularly if a dynamical system is subject to strongly correlated stimulations, 
the Markov assumption is inappropriate, so that models based on non-Markov 
stochastic processes ought to be considered. Similarly to what has been done for 
GM and OU models, one can thus challenge an approach to correlated Gaussian 
processes. 

The difficult here is due to the lack of effective analytical methods for obtai- 
ning manageable closed-form expressions for the FPT pdf. Henceforth we shall 
set to = 0 and denote by {X{t),t ^ 0} a one-dimensional non-singular statio- 
nary Gaussian process with mean E[X{t)] = 0 and covariance E\X{t)X{T)] = 
7(t — t) = 7(r — t) such that 7(0) = 1,7(0) = 0 and 7(0) < 0. Furthermore, let 
us denote by S{t) G G^[0,oo) the boundary (or threshold) with S'(O) > xq. The 
FPT pdf of X{t) through S{t) is given by (cf. [11]) 

00 pt pt pt 

5[S'(t),t|xo] = IFi(tjxo) + ^(-1)* dti dt 2 --- dtiWi+i{ti,...,U,t\xo) , 

0 J t\ J ti — \ 

( 3 ) 

with 



^00 ^00 

(^1 1 ■ • ■ •)^n\ ^ 0 ) ~ f dZ\ ‘ ‘ ‘ I dz^i 

JS{ti) Js{tr,) 

n 

xY\_[Zi- S{ti)]p2n[S{ti),...,S{tn)-,Zi,...,Zn\xo] , (4) 



where P 2 n{xi,- • • ,x„; ^i, . . . ,2„|xo) is the joint pdf of X{ti), . . .,X{tn), Z{ti) = 
X{t\), ..., Z{tn) = X{tn) conditional upon X(0) = xq. Unfortunately, the 
functions (4) appearing in (3) cannot be simplified because the involved multiple 
integrals cannot be calculated. Since (3) is a Leibnitz series for each fixed t > 0, 
estimates of the FPT pdf can in principle be obtained; indeed, its partial sum 
of order n provides a lower or an upper bound to g depending on whether n is 
even or odd [12]. However, also the evaluation of such partial sums is extremely 
cumbersome because of the complexity of the involved terms, except for the 
first-order term which has the following closed form expression (cf. [11]): 



Wi{t\xo) 



2^[l-7^(t)] P 




SHt) \ 
2[l-nt)]} 

- cj{t\xo) / exp 

J (r(t\xo) 




where H3(t) is the covariance matrix of X(0), X(t), X(t) , 



( 5 ) 



^s(f) = 



1 7(f) 7(f) 

lit) 1 0 

lit) 0 -7(0) 



(6) 
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and 



a{t\xo) ■■= 



\ \Mt)\ 




7(^)[7ft)5'(t)-xo] \ 

1-7^W i 



( 7 ) 



Note that for alH > 0 the first-order approximation VEi(t|a:o) provides an upper 
bound to the FPT pdf in (3), but is a good approximation of g only for small 
values of t. In the sequel we shall assume that the covariance 7(f) is of the 
Butterworth type (B-2), i.e.: 



"f{t) := E[X{t + t)X{t)] = V2e sin -I- t ^ 0, a G M''' . (8) 

Being the simplest type of an oscillatory covariance that carries a concrete en- 
gineering significance, (8) has often been invoked to approximate other covari- 
ance functions of interest for applications (cf. [14]). 

Figures 1-3, obtained via (5), refer to a stationary Gaussian process origi- 
nating at Xq = 0 with zero mean and covariance (8). Figure 1 shows plots of 
W\{t\xo) with a = 1 in (8) for various constant boundaries. We note that as the 
boundary increases Wi{t\xo) decreases for alH > 0 to approach a constant value 
as t diverges. Figures 2 and 3 show plots of Wi (t |a;o) as functions of t with a = 2 tt 
for the periodic boundaries S{t) = 1-1- sin(2 7rt/(5) and S{t) = 1-1- cos{2nt/Q), 
respectively, and for different values of Q. In all cases as t increases the function 
Wi{t\x[)) becomes periodic with the same period of the boundary. 

The computational complexity of equations (3) and (4) apparently urge that 
alternative analytic procedures be used in order to obtain information on the 
FPT pdf. A complementary, effective approach is instead the object of the pre- 
sent paper. Here, we implement a simulation procedure in order to disclose the 
essential features of the FPT pdf for a class of Gaussian processes and specified 
boundaries. Our approach relies on a simulation procedure [1] by which sample 
paths of the stochastic process are constructed and their first crossing instants 
through the assigned boundary are recorded. The underlying idea, originally pro- 
posed by Franklin [6], can be applied to any Gaussian process having spectral 
densities of a rational type. Since the sample paths of the simulated process are 
generated independently of one another, the simulation procedure is particularly 
suited for implementation on supercomputers, so it has been resumed recently. 
Such a procedure has been extensively implemented by us in order to explore the 
possible different shapes of the FPT pdf as induced by the oscillatory behaviors 
of covariances and boundaries. 

Our goal has been is characterize the FPT pdf in terms of parameters of the 
covariance in the single periodic boundary problem. The motivation has been 
partially suggested by some results obtained in [8], where it is shown there that 
for a certain class of Markov processes, the FPT pdf through periodic boundaries 
exhibits damped oscillations reflecting the periodicity of the boundary. We have 
thus been naturally led to investigate whether such a behavior also occurs for 
Gaussian processes. Section 2 contains a sketch of the theoretical model while 
Section 3 indicates how the simulation procedure has been vectorized. Section 4 
reports the results of the analysis of the simulations, as well as conclusions on 
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the effect of the periodic components of the covariance and of the boundary in 
determining the qualitative features of the corresponding FPT pdf. 




Fig. 1. Plot of Wi{t\xo) as function of t for a stationary Gaussian process with zero 
mean and covariance function (8) with a = l,a;o = 0 and S{t) = 0.5, 1, 1.5,2 ( top to 
bottom). 



2 The Stochastic Model 

Let us consider the linear filter 



X{t) = / h{s) W {t — s) ds (9) 

Jo 

where h(t) is the impulse response function and W (t) is the input signal. By 
Fourier transforming, (9) yields 

FxM = \H{iv)\‘^rw{io) (10) 

where Fw(w) and /x(w) are the spectral densities of input W{t) and output 
X{t), respectively, and where H{uj) denotes the Fourier transform of h{t). Equa- 
tion (10) is suggestive of a method to construct a Gaussian process X{t) having 
a preassigned spectral density Ex(w) = r{oj). It is indeed sufficient to consider 
a white noise A{t), having spectral density = 1, as the input signal and 
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Fig. 2. Plot of Wi{t\xo) as function of t for a stationary Gaussian process with zero 
mean and covariance function (8) with a = 27 t, *0 = 0, S{t) = 1 + sin(27rt/Q) for 
Q = 1 in (a), Q = 2 in (b), Q = 3 in (c) and Q = 6 in (d). 







Fig. 3. Plot of Wi(t\xo) as function of t for a stationary Gaussian process with zero 
mean and covariance function (8) with a = 2 tt, xo = 0, S{t) = 1 + cos(27rt/Q) for 
<5 = 1 in (a), Q = 2 in (b), Q = 3 in (c) and Q = 6 in (d). 
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then select h{t) in such a way that |i?(w)p = r{uj). Referring to the covariance 
function (8), the spectral density of X{t) is given by 

/ oo o 3 

Choosing the following real-coefficients polynomials 

P{z)=2V^ Q{z) = + 2az + 2a^ , (12) 



from (11) it results C(w) = \P{iuj) /Q{ico)\'^ . Setting H{uj) = P{iuj)/Q{ioj), from 
(10) it follows (cf. [3]) 

where D = d/dt. To calculate the output signal X{t) it is thus necessary to solve 
first the differential equation Q{D)(f>{t) = A{t) to obtain the stationary solution 
(()(t), and then evaluate X{t) = P{D)<j){t). Equation (13) is equivalent to 



where 



dw{t) 

dt 



C^r{t) + y{t) , 



v(t) = 





(14) 



(15) 



The simulation procedure aims to construct sample paths of the process X (t) at 
the instants t = 0, At, 2At, . . . where At is a positive constant time increment. 
Solving (14) at these instants, one obtains 

v(0) = B v[(fc -h l)At] = e^^W(kAt) + , (16) 

where for fc = 0, 1, . . . is a sequence of i.i.d. standard normal rv and 
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In this way, the equation X{t) = P{D)<p{t) becomes 



(17) 

(18) 

(19) 



X{kAt) = 2V^Vi{kAt), A: =1,2,... (20) 



by which the sample paths of the process are constructed independently of one 
another. 
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3 The Simulation Procedure 



According to (1), we denote by T the rv representing the FPT through the 
boundary S{t) with the condition that S{t) has never been previously crossed. 
Without loss of generality, in the sequel we shall assume A(0) = 0 at the in- 
itial time to = 0. Our aim is to estimate the FPT density (2) for a stationary 
Gaussian process with zero mean and covariance (8). To this purpose, the stop- 
ping criterion of a simulated path is the occurring of the first crossing of the 
boundary. The instant when such a crossing takes place is recorded, the sample 
path is then discarded and the simulation is carried afresh from the initial state 
X(0) = 0 and the initial time to = 0- 

Let us denote by NPMAX the number of paths to be simulated and by 
N COUNT the counter indicating the number of paths reset to the initial state. 
The length of vector loops is represented by the integer N PARA, which depends 
on the employed supercomputer: by means of (20) at each step the states of the 
NPARA simultaneously simulated sample paths are determined. The procedure 
for simulating the sample paths of X (t) and for recording the boundary crossing 
instants can be summarized as follows: 



Step 0. 
Step 1 . 



Step 2. 
Step 3. 
Step 4. 

Step 5. 
Step 6. 
Step 7. 



Step 8. 



Input a, NPMAX, NPARA, At. 

Paramieters computation by sequential instructions: 

- P{z) and Q{z) coefficients in (12); 

- elements of matrix in (17) ; 

- elements of matrix B in (18) ; 

NCOUNT := 0; T := 0; 

generate NPARA standard Gaussian numbers; 
for i := 1 to NPARA do 

- compute the initial state vector v(0) in (16); 
if {NCOUNT > NPMAX) stop; 

generate 2* NPARA standard Gaussian numbers; 
for i := 1 to NPARA do 

- T{i) := T{i) T At- 

- compute the vectors v(i) in (16); 

- compute X{i) in (20) ; 

- calculate the values of the boundary S{i); 

- if X{i) A S{i) then 

FLAG{i) := 1, 
resetting the vector v(0) 

- if X{i) < S{i) then 

FLAG{i) := 0; 

NCOUNT := NCOUNT + FLAG{i); 

T{i) := [I- FLAG{{)]*T{i)-, 

go to Step 5. 



By using the recorded instants in the array T(-), the unknown FPT pdf 
g[S{t),t] = g[S'(t), t|0, 0] can be estimated by constructing histograms with a 
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suitable choice of the number of classes. The error due to the introduced di- 
scretization time is not larger then At. The error induced by the Monte Carlo 
method is of the order of 1/\/NPMAX, so that NPMAX must be large (for 
our simulations NPMAX = 10^.) 

4 Computational Results 

Along the lines indicated in the previous section, we have implemented a parallel 
FORTRAN90 program on a 128-processor Cray T3E/1200 supercomputer, based 
on MPI language for parallel processing. The simulation procedure is structured 
in such a way that after establishing the form of the covariance and of the 
boundary, the choice of the involved parameters can be made. Input variables 
are the total number of sample paths to be simulated, the number of those 
that must be simultaneously simulated and the time discretization step. From 
the recorded array T(-) of crossing instants, histograms are then constructed to 
estimate the FPT pdf g{t). 

By making use of this simulation procedure, extensive computations have 
been performed by us to gain some insight on the behavior of FPT pdf through 
varying boundaries of the form 

S{t) = 5'o -I- A sin 

S{t) = 5'o -I- A cos 

where S'o, A and Q are positive constants. The results of the simulations indicate 
that in the case of the constant boundary obtained by setting A = 0 in (21) and 
(22), the FPT pdf g{t) is rigorously unimodal (see Fig. 4), in apparent contrast 
with the oscillatory behavior of the covariance function (8). In general, due to 
the relation P = 2^1 a holding between the period P of the oscillatory part 
of the covariance and the decay constant a, for large values of a one obtains 
highly damped oscillations of the covariance so that such oscillations do not 
affect the shape of FPT pdf. On the other hand, as a decreases the damping 
effect reduces but the period P of the oscillation increases; the effect of such 
oscillations is therefore invisible in the shape of g{t) because practically most 
of simulated sample paths have crossed the boundary before the first oscillation 
has been completed. Hence, as a increases the mode decreases while the height 
of the peak increases. This means that as a increases the whole probability mass 
approaches the y— axes, so that the corresponding FPT pdf goes to zero faster 
and faster. We note that as a increases, the covariance function (8) approaches 
that of an OU-type diffusion process. Hence, its sample paths are characterized 
by very rapid fluctuations, so that boundaries close to the equilibrium point are 
almost instantaneously crossed. 

It should be stressed that a multimodal behavior of the FPT pdf may be ex- 
pected if the assumption of constant boundary is removed. Indeed, the performed 



2TTt\ 

~q) ’ 


(21) 


27rt \ 


(22) 


~q) ’ 




328 



E. Di Nardo et al. 



simulations support the conjecture that for Gaussian processes, the behavior of 
FPT pdf shows some similarities to that discovered for diffusion processes [8]. 
In particular one finds that, after an initial phase on which we shall soon say 
something more, for the case of periodic boundaries (21) and (22), the FPT pdf 
g(t) becomes multimodal: its successive relative maxima occur after time inter- 
vals equal to the period Q of the boundary and the amplitudes of such maxima 
decrease in time. 

The simulation results have showed that the parameter 



A := 



Q 

P 



aQ 



(23) 



i.e. the ratio between the period Q of the boundary (21) or (22) and the period P 
of the oscillating component of the covariance function (8), plays a fundamental 
role in determining the behavior of FPT pdf. 

Let’s begin to analyze the behavior of estimated FPT pdf in the presence 
of boundary (21). Figure 5 refers to the case A ^ 1. We note that initially a 
peak shows up whose amplitude increases with A. (In Fig. 5(a), where A = 1, 
such a peak is too small to be noticed.) In Fig. 5(b), where A = 2, the presence 
of the initial peak can be observed; such a peak becomes progressively more 
pronounced as A increases (see Fig. 5(c) and 5(d)). It should be noted that as 
the initial peak increases the amplitudes of the successive peaks progressively 
decrease because of the conservation of the total probability mass. Furthermore, 
comparing Fig. 5 with the same cases shown in Fig. 2, we note that the function 
Wi{t\0) in the neighborhood of the origin gives a good approximation of the 
FPT pdf of g, and hence also of (/. As A decreases, the initial peak of g closed 
to the origin tends to decrease, to disappear for A < 1 (see Fig. 6(a)). 

Qualitatively analogue results are obtained for periodic boundaries of type 
(22) that are initially decreasing. For A < 1, as in the presence of boundary 
(21) the estimated FPT pdf g{t) exhibits a multimodal behavior with maxima 
occurring after time intervals equal to the period of boundary (compare Fig. 6(a) 
with Fig. 6(c)). The relative maxima of g in the case of boundary (22) are greater 
than those of g in the case of boundary (21). For A > 1, differently from the 
previous case of boundary (21), the presence of the initial peak is less evident 
because of the initial decrease of boundary (22) (compare Fig. 5 with Fig. 7 and 
Fig. 6(b) with Fig. 6(d)). In particular. Fig. 7 shows that as A increases the mode 
increases while the absolute maxima of g decreases. As for the previous boundary, 
by comparing the curves of Fig. 7 with the corresponding ones in Fig. 3, we note 
that the function W\{t\Q) in the neighborhood of the origin again gives a good 
approximation of the FPT pdf of g, and hence also of g. 

For the boundaries (21) and (22), Fig. 8 shows estimated FPT pdf with 
A = 10 and A = 30. As is to be expected, whenever A becomes large — i.e. 
when the boundary’s period is much larger then that of the periodic term of 
the covariance — such pdf becomes unimodal. Indeed, one expects to observe 
a behavior similar to that characterizing constant boundaries because for very 
large values of A the boundary remains practically constant during the time 
interval in which the covariance is appreciably non vanishing. 
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It should be pointed out that parameter A plays also a different role. In- 
deed, FPT pdf corresponding to the same value of the ratio A = Q/P can 
be mapped into one another by a suitable transformation. To see it, let us 
consider the stationary normal process X(t) with zero-mean and covariance 
7(f) := E[X{t)X{t + 1)]; furthermore let us assume that P[X(0) = 0] = 1. Let 
us now consider the transformed process Y{t*) = X{t* /c). Process Y{t*) is itself 
normal, stationary, with zero-mean and initial state P(0) = 0. The covariance 
function oiY{t*) is given by 

7(t*) = P[P(r + P)y(P)] = p[x(^ + ^)x(^)] =y(^) , (24) 

with 7(0) = 1. Hence, if X{t) has covariance (8), then Y{t*) has a B2-covariance 
with parameter a = ajc and period P = 2 tt/S of the oscillating component. The 
FPT problem for X{t) through S{t) is thus changed into the FPT problem for 
Y{t*) through the boundary S{t*) = S(t*/c). Hence, the FPT pdf gy [S'(P), t*|0] 
of the process Y{t*) is related to FPT pdf (2) as follows: 

gy[5(P),P|0] = - Jsf-V- ol . (25) 

c [ \ c J c 

We remark that if the boundary S{t) is periodic with period Q, also the boundary 
S{t*) is periodic with period Q = cQ, so that 



and 
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Q a P 



gy[5(P),P|0] 







(26) 

(27) 



In conclusion, the FPT pdf for a preassigned pair P, Q can be determined via (27) 
from the FPT pdf corresponding to the pair P, Q provided that X = Q/P = Q/P. 
As an example, let us consider the FTP problem with a = 2 tt and S{t) = 1-1- 
sin(27Tt) and let g denote the corresponding pdf. Due to (27), since Q/P = Q/P, 
the FPT pdf gy for S{t) = 1-1- sin(27rt/3) and a = 27 t/ 3 is obtained from g as 
follows: 

l-ksin(^27r^),t|0 = ^ g 1 -f sin (^27 t^) , ^ 0 . (28) 

Graphs (a) and (b) of Fig. 9, obtained via our simulation procedure, “experi- 
mentally” indicate the validity of such relation. Fig. 9(c), obtained by simulation 
as well, refer to the FTP problem with a = 27t/ 6 and S(t) = 1-1- sin(27rt/6). 
Relation (27), again expected to hold, turns out to be experimentally confirmed, 
as one can see by comparing Figs. 9(a) and 9(c). We incidentally note that all 
this further stresses the reliability of the adopted simulation procedure. 




Simulation of Gaussian Processes 



333 



5 Concluding Remarks 

In the foregoing, a simulation procedure for evaluating FPT pdf’s for correla- 
ted stationary Gaussian processes has been sketched. Some indications about its 
features in the case of both constant and oscillatory boundaries have been pro- 
vided when the covariance is of the Butterworth type. Use of such a procedure 
is valuable for the investigation of the time evolution of a variety of dynami- 
cal systems subject to random perturbations. In particular, this is certainly the 
case of single neuron’s activity behavior modeled by stochastic processes of a 
non-Markov Gaussian nature, for which the existing literature is scarce and 
fragmentary (cf. [4]). Although a specific reference has been made here to the 
neurobiological case, FPT problems for correlated Gaussian processes bears a 
great relevance in a variety of other fields, including population dynamics and 
risk-assessment, for which analytical methods are lacking or ineffective. 
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Abstract. The training of the personnel plays a major role in the security and 
reliability of many industrial processes. In order to fulfil this objective it is nec- 
essary to develop applications that support distributed interactive simulation 
with an interface near the real world. This paper describes such type of applica- 
tion during the development of a training simulator prototype for a nuclear 
power plant. The simulator is based on a client/server architecture that allows 
the execution on different machines in a network and many users to participate 
in the same simulation. The interface was designed to support the interaction of 
the operators with the simulator through touch screens with high fidelity dis- 
plays of the control room developed using the component technology. The main 
features of the simulator are the distributed execution of the models using inex- 
pensive hardware and the flexibility of design and maintenance of the interface. 



1 Introduction 

An important factor in the security and reliability of industrial processes is the training 
of the operators that intervene in them. Such training should cover stages of normal 
operation and of emergency in order to prepare the personnel in the pursuit of the 
procedures of emergency and mitigate the consequences of an anomaly in the produc- 
tion process [1]. This last factor is particularly important in the nuclear sector, where it 
is recognised that human factors are key elements in order to assure a safe operation 
[2]. In order to fulfd this objective, the problem has traditionally been solved by 
means of the construction of computing full-scope simulators that reproduce physi- 
cally the control room, supported by expensive and proprietary systems. The main 
advantage is that they reproduce exactly all the factors that intervene in the man- 
machine interface of the process. 

The advances in the computing power of microprocessors, as well as the develop- 
ment of protocols to communicate over software components, has made it possible to 
apply Client/Server architecture to simulation. It enables the simulator user interface 
to run in one computer (client) and the simulator software in another (server). Moreo- 
ver, the development of multimedia techniques and devices, allow the replica of real 
panels by soft panels composed of indicators and operational switches incorporated by 
means of computer graphics, touch screen interactivity and audio characteristics. 

F. Pichler, R. Moreno-Diaz, and P. Kopacek (Eds.): EUROCAST’99, LNCS 1798, pp. 334-342, 2000. 
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This paper describes the design and development of a training simulator for a nu- 
clear power plant with almost the same functions and scope of simulation as a full 
scope simulator. The interaction of the operators with the simulator is carried out 
through touch screens. The specifications of the simulator were high fidelity of the 
power generation system, flexibility, extendibility and recording of response data. The 
first specification fulfils the technical requirements of the simulator with sufficient 
accuracy. The second and third specifications mean that it must be easy to change 
freely the arrangements of instruments, switches, indicators, etc., and that it must be 
possible to add new systems or displays to the simulator easily. The last specification 
enables the simulator to record data concerning human behaviour in response to mal- 
functions. 

The paper is organized as follows. In section 2 we describe the environment where 
the simulator will be executed: the RNI’s OpenSim NT™ simulator executive, paying 
attention in those aspects more related to this project. In section 3 we introduce the 
object oriented component technology and analyze the soft panels development proc- 
ess. In section 4 we present the simulator’s architecture. We describe how the soft 
panels are integrated onto the simulation environment, the modules that comprise the 
simulator and the chosen configuration for an effective user interaction. Finally, in 
section 5 we present a complete prototype that is currently available and expose the 
main conclusions derived from its development and the operators feedback. 



2 Simulation Environment 

The simulator is based on the real time simulator executive called OpenSim NT^^ 
of RNI Technologies [3]. The PC/Windows NT technology has increased competition 
and decreased cost, allowing the use of standard, off the shelf hardware and software 
for functions that, in the past, were performed by proprietary, specialised hardware 
and software. It allows, in conjunction with the physical models of the reference plant, 
to verify the requirements included in the ANSI 3.5 for nuclear plant simulators. As an 
open environment based on software standards it simplifies the task of adding new 
modules to extend its capabilities. This feature has been widely applied to the devel- 
opment of this simulator. 

The OpenSim NT™ software architecture consists of servers, a client library, cli- 
ents, and an operating system interface library. Client applications normally access the 
various services provided by the servers contained in the client library, that is designed 
to allow the use of separate processes executed on different machines in a network. 
The operating system interface library provides a portable application interface to 
several process control services used in real-time applications which are not uniformly 
implemented in Unix and non-Unix operating systems. The use of threads allows the 
distribution of processes over multiple processors. 

A single server, called the directory server, provides the location and Remote Pro- 
cedure Call (RPC) numbers of the servers which comprise a project, along with the 
root point of the project's directory hierarchy. An OpenSim NT project is logically 
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divided into the development system and the run-time system. The processors which 
make up the run time system can communicate with each other using the shared mem- 
ory and semaphore services, and between themselves and the development system 
processors using the network services based on the standard ONC RPC/XDR to create 
the client/server environment. To aid in the maintenance of the simulator is provided a 
database manager that uses a library written to the ODBC standard and allows to use 
any commercial database with this driver. 

The module named simulator control server, provides a control and monitoring in- 
terface to the simulator executive and I/O processing systems. This server executes in 
the run-time system because it requires both memory mapped access to the global 
partitions and use of the semaphore service to control the executive system. The serv- 
ices provided by the simulator control server are available to any client which includes 
the simulator control (this provides control functions including freeze, run, reset, snap- 
shot, module in/out control, module query, I/O override manipulation, and I/O query) 
and the operator action monitor (this provides a way for clients to obtain control panel 
device manipulation data from the simulator executive system). 

The components of the typical simulator configuration includes a simulator com- 
puter, a system server, the instruction station and the site network. The simulator com- 
puter has to be preferred a multiprocessor PC because it support the real time execu- 
tion of the simulator models. The system server is a PC that contains the simulator 
database, initial condition files, simulation model source code and instructor data files. 
From the instructor station the simulation models running on the simulator computer 
may be monitored and manipulated and instructor inputs and training scenarios may 
be inserted. A fast ethemet network is used for the simulator system. 

The models of the simulator should be developed and tested using a engineering 
workstation in the form of a static library. Normally the Fortran language is used for 
this purpose and the Matlab or ACSL environment to design the control systems. 

OpenSim NT™ also includes a broad set of utilities designed to perform varied 
tasks like FORTRAN and C code precompiling, initial conditions generation, database 
labels searching, simulator executive linking or execution time control. The modules 
that constitute the simulator use one of this tools, a Dynamic Data Exchange (DDE) 
server, to obtain and/or modify simulator data in run-time. This utility is enclosed to 
allow OpenSim to be accessed by third party applications through Windows DDE 
protocol. The DDE conversation is established between the client module and an in- 
termediate DDE server which communicates directly with OpenSim using RPC. This 
data exchange method simplifies the development process of our modules avoiding 
RPC programming. 



3 Soft Panels Development 



The simulator being developed is a multimedia application that thoroughly imple- 
ments that concept. As we explain next, we profited from the last advances in object- 
oriented programming and image processing techniques, in addition to the constant 
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progress in computing hardware performance and price reduction, to develop an inex- 
pensive interface for the whole control room that uses touch screens and common 
PC/NT platforms instead of mice and workstations. 

The interface plays a major role in this type of simulators and the configuration 
should allows many users can interact with the simulation in real time. As we mention 
above the interaction of the operators with the simulator is carried out through several 
touch screens displaying high fidelity of animated images of the elements in the con- 
trol room during the operation (hard panels). The scale of the images is tried to be 
constant comparing with reality. In the prototype it was used a scale of 40-45%. 



3.1 Application of Component Technology 

The interaction of the operators with the simulator is carried out through several 
screens displaying high fidelity animated images of the elements in the control room. 
As we said above these screens are named soft panels. 

The last advances in object oriented software development simplifies the fast con- 
struction of this kind of applications. We use Microsoft’s ActiveX component tech- 
nology to simulate the panels devices. With this kind of components it is possible to 
replicate easily and quickly the control room panels. This technology uses the standard 
Component Object Model (COM) to enable software components to interact with one 
another in a networked environment, regardless of the language in which they were 
created. Usually they are developed with Visual C++ to be inserted in Visual Basic 
forms. Looking for the best performance we use Visual C++ during the development 
of the whole application. Thinking in future improvements, an interesting feature of 
ActiveX technology is that it can be used to create applications to run on the Internet 
besides the desktop. 

In our application every element in the control room becomes an ActiveX control 
(formerly known as an OLE control), i.e. an small in-process server that can be used 
in any OLE container. Thus, each control is a reusable software object that supports a 
wide variety of OLE functionality and can be easily customized to fit our simulation 
needs. Its appearance and behavior is defined by means of stock and custom properties 
and methods, similar in use and purpose, respectively, to member variables and mem- 
ber functions of a C++ class. The control container communicates with the object 
accessing to these properties and methods. The ActiveX control also sends messages, 
‘fires events’ in the ActiveX jargon, to notify the container that something important 
has happened in the control, usually a change of state or an user action. With this 
approach we have achieved a solution that is economical both in cost and in effort in 
the construction of the soft panels. 

The first step during the design of the simulator was the identification and classi- 
fication of the current objects in the hard panels layouts. Basically, they can be of two 
types: switches and indicators. The first ones include all the objects able to receive 
input from the user (valves and pumps switches, buttons, keys, knobs, selectors, slid- 
ers...) while the others are solely used to display operational data. Restricted to the 
front panels of the control room we found more than five hundred objects of each type 
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besides one thousand lamps and six hundred annunciators in the alarm panels that also 
have to be simulated. It is easy to understand the value of the reusability offered by 
this object oriented technology. 

Then it was specified the functionality and properties of each object and they 
were classified again in smaller groups; for instance, there are black, green, red, blue 
and yellow valves switches, with different kinds of handles and with two, three or 
even four available positions which could either remain fixed or return to the central 
position after the user interaction. This task helped us to decide the number of distinct 
ActiveX controls to be used and their required properties that would serve to represent 
every control room component. 

Due to the specific features of switches, we created for them a fully customized 
ActiveX control. Thereby, we could incorporate the needed functionality to allow 
them to run as independent client applications capable of communicating directly with 
OpenSim through the DDE server. The simulator signals corresponding to each one of 
the switch positions are defined as a control property. Its appearance, as happens with 
all the used controls, is specified by means of image properties. Besides a sound file 
can be associated with the object to provide the user with the appropriate feedback 
after the interaction. 

The images are created from digital pictures of the real device treated as much as 
needed with image processing tools. With the advanced digital cameras and programs 
currently available, the obtained degree of physical fidelity is only limited by the ef- 
fort devoted to this stage of the development process, in any event much lower than if 
we had have to draw the components with painting or design tools. 

Based on the acquired experience, we created other customized ActiveX control 
to represent the lamps and all the switches with only two positions (mainly keys and 
pushbuttons). This simpler object, characterized by its two states, also includes the 
functionality to communicate directly with the simulator. 

The rest of components (analog and digital indicators such us linear and angular 
gauges, odometers or LED’s and some complex switches as selectors and knobs) were 
acquired from third party vendors. There are a lot of affordable ActiveX instrumenta- 
tion libraries for sale and many of them include the kind of objects found in the con- 
trol room of a nuclear plant. Since they are fully configurable and also permit to select 
an image as the object background is possible to represent with enormous fidelity 
almost any object. For instance, we have used components from Global Majic Soft- 
ware Inc. and Quinn-Curtis Inc. with good results. As we explain in the following 
section the container application must be responsible of the linkage of these third party 
objects to the simulator data. 



3.2 Interactive Panels 

As explained above, the ActiveX controls are incorporated into the windows or dia- 
logs of control containers applications in order to be executed. Therefore every screen, 
or soft panel, that comprises the simulator interface is a dialog based ActiveX control 
container application. Besides holding the controls and showing them arranged as in 
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the real panels, this application starts the execution of the DDE server that manages 
the communication of the controls with OpenSim, initializes the controls in the posi- 
tions corresponding to the state of the sequence being simulated and updates the indi- 
cators with new data every time they are changed. 

It must be kept in mind that while our customized components are directly linked 
to a simulator signal in the same way a real object is wired in the back side of the 
panel, the rest of components have to be associated to their corresponding OpenSim 
signal, or signals, in the container application. The index of the object in the dialog is 
used as a reference to identify the associated signal when the soft panel is refreshed. 
Thus, the container application must maintain its own conversation with the DDE 
server acting as a new OpenSim client. 

The scale of the images in the interactive panels is tried to be constant comparing 
with reality. We use a scale of 40-45% and so this simulator will be a full scope half 
scale simulator with important physical space savings for accommodating the tool. 
This size is also intended to avoid the necessity of navigation through the panels or its 
elements, i.e., all the panels and its components will be visible while the simulator is 
running and accessible by a single touch on the screen without menus nor scrollbars. 

Finally, to simplify even more the development process we have included a mod- 
ule in all the container applications that reads the numerous labels captions of the 
simulated panel from a text file and puts them on the corresponding tags already 
drawn in the soft panel. From this file the developer can also specify the font style and 
colors of the tag. 



3.3 Alarms Panels 

The same techniques have been applied to the development of alarms panels which 
reproduce the full logic and functionality of the real ones, including colors, flash fre- 
quency and sounds. The main difference with the rest of panels is that the pushbuttons 
that controls their operation (silence, acknowledge, reset and test functions) are not 
located in the same panel and so they do not have to be interactive. 

Since there are only two types of distinct alarm panels we have developed just 
two container applications to represent the fifteen alarms panels found in the control 
room. Each aimunciator is an ActiveX control which the container animates applying 
the panel functionality. In the same way we used with the labels of the interactive 
panels, a text file serves to specify the captions, font style and colors of the annuncia- 
tors. Furthermore, the associated simulator signals and sound files are read from the 
file too, resulting in entirely configurable panels. 



4 Simulator Configuration 

As we said above the special features of the OpenSim NT™ environment facilitates 
the integration of new modules in the simulator configuration. This simulator extends 
a typical OpenSim project, as shown in figure 1, with the container applications that 
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constitute the interactive and alarm panels and also with an extra module able to feed 
in real time the simulation data version of the updated plant Safety Parameter Display 
System [4] with the output of the sequence being simulated. 

The SPDS module intends that the operators have, during the training sessions, 
the same information of the plant state that they use when working at the actual con- 
trol room. The module can be launched and stopped from the instructor station with a 
single click of the mouse. It uses an especially developed DDE server to maintain 
updated, with the desired frequency, the more than six hundred signals currently re- 
quired by the SPDS. The packets of simulated data are sent to the SPDS information 
system using FTP. 

Figure 1 shows that, in our case, the system server and the simulator computer are 
the same machine, a PC with two Pentium II processors at 400 Mhz. The rest of com- 
puters do not demand particular features so inexpensive PCs of medium performance 
are enough. 

With regard to the hardware responsible of the user interface we searched in the 
market many options: big-sized high resolution CRT monitors, FCD TFT flat displays 
or rear screen projectors for the visualization; and mice, remote controls or touch 
screens for the interaction. Eventually we have chosen 21” inches CRT monitors with 
a resolution of 1600x1200 pixels and resistive touch screens to implement the proto- 
type presented in the following section. This decision seems to be, at the moment, the 
best solution keeping in mind both cost and performance. Smaller or less resolution 
displays are not useful to obtain clear images easily accessible by the user and other 
touch screens technologies do not offer the desired degree of accuracy. If available, 
these requirements applied to flat displays or projectors result in not affordable costs. 
We expect that in the near future technology advances will make these options more 
feasible. Then we could use them to show our already available soft panels without 
extra development effort. 




SPDS 




Fig. 1. Simulator configuration 

Each one of the soft panels runs on its own PC uniquely assigned. To simplify the 
initialization procedure the corresponding soft panel module is launched without any 
user action every time its PC is turned on. The instructor manages the execution of the 
simulator from the instructor station and the panels are updated automatically every 
time the initial conditions of the simulated sequence are changed. This feature elimi- 
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nates the task of manual switch checking that must be accomplished in a hard panel 
simulator in those occasions. 



5 Results and Conclusions 

In order to test the users response to this kind of interface, a prototype of a full panel 
has been implemented. With this panel the operator is able to control the Emergency 
Core Cooling System (ECCS). It consists of eight touch screens displaying switches 
and indicators, two alarms panels and two SPDS monitors. The monitors are oriented 
in such a maimer that reproduces the actual panel disposition. Figure 2 shows a com- 
position image of four of the soft panels that compose the prototype. 

The instructor and operators have tested the prototype using it to prepare and 
carry out the same kind of exercises they follow in the usual training sessions at the 
hard panel full scale simulator. In a short time the user gets familiarized with the 
simulator interface and interacts with the panels in a natural way. The results of this 
experience shows that this tool can fulfill many of the training requirements. 




Fig. 2. Composition of four soft panels used in the prototype 

We conclude that the component based soft panels interface approach represents 
an optimum solution in terms of performance, cost and effort in the development of 
full scope simulators. Apart from its suitability to be used as a training tool, this kind 
of interface increases the flexibility of the use of the simulator. For instance control 
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room design changes can be proposed and tested in the simulator before its implanta- 
tion, getting the previous approval of operators. Moreover, the possibility of distribu- 
tion across the local area network simplifies its use by different departments. Finally, 
the open environment in which it is integrated guarantees the system extensibility. 

The first step during the design was the identification and classification of the cur- 
rent objects in the layouts of the hard panels. Basically, they can be of two types: 
switches and indicators. After this classification it was specified the functionality and 
properties of each object. The development of the soft panels was performed using 
ActiveX components technology. Due the specific features of the switches, they were 
developed using Visual C-i-i-. The rest of the components were acquire from third 
party vendors. 

With these components it is possible to reproduce easily and quickly the control 
panels of the control room. These include components such as gauges (linear and 
angular), sliders, selectors, knobs, leds, odometers, switches, alarms, etc. They can 
show images and sounds as resources of the simulated component and can be linked to 
a simulator signal in the same way a real object is wired in the back side of the panel. 
As an example, the Figure 1 shows a composition image of four soft panels. With this 
approach we have achieved a solution which is economical both in cost and in effort in 
the design of the soft panels. 

The use of soft panels has increased the flexibility of the use of the simulator be- 
cause it can be proposed design changes in the control room and tested with the simu- 
lator before its implantation getting the approval of operators. This can de done with 
lower maintenance costs. The next stage of the research will be the use of Java as a 
development language and the use of standard browsers such as Netscape or Internet 
Explorer for the displays of the soft panels. Moreover, the simulator executive could 
support distributed simulations of the systems over Internet. 
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Abstract. Starting from a continuous follow-the-leader model for indi- 
vidual vehicle motion a stochastic term is added in order to account for 
the elementary randomness of driving. In a suitably defined stationary 
state thus an equilibrium distribution of nearest-neighbour distances is 
spanned up which allows to understand the “fundamental diagram” of 
macroscopic traffic flow modelling as the ensemble average of the micros- 
copic characteristic function. Estimates for the distribution width and a 
comparison with simulation results are given. 



1 Introduction 

Modelling of vehicular traffic flow by means of physical tools seems, on first 
glance, to follow a familiar pattern: microscopic deterministic rules for the mo- 
tion of individual cars are complemented with an evolution picture of averaged 
macroscopic quantities, e.g. the probability distribution function f{x, v, t) to find 
a car with velocity v at position x at any given time t. Prominent examples for 
the former are models on the basis of cellular automata (CA) [1] - [8] which - 
due to discretization and the replacement of Newtonian differential equations of 
motion by a set of rules - are extremely computer-friendly and can, thus, handle 
very large systems. Continuous microscopic models exist also; one of them will 
be the exemplary subject of more detailed argumentation further below. 

Macroscopic modelling started with the observation by Lighthill and Whit- 
ham [9] that flowing traffic resembles flowing water and that hydrodynamics 
should provide a useful theoretical tool. Extensions of the theory were given 
for instance by Kiihne [10,11], Kerner and Konhauser [12,13] and Helbing [14]. 
The distribution function mentioned above as the center point of modelling was 
introduced by Prigogine and Herman [15] and carried further later on [16,17]. 
It should be mentioned that hydrodynamics and distribution function approach 
are closely connected: mean density c{x,t), mean velocity v{x,t), mean velocity 
variance and so on are found as consecutive velocity moments f dv v'' f{x, v, t) 
of the distribution function. 

Although the analogy to hydrodynamics seems to present a strong argument, 
a decisive qualification has to be made with respect to the numbers involved. In 
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the case of an ordinary liquid or gas, the microscopic distribution function 

N{x,v,t) = S{x - Xi{t))S{v - Vi{t)) (1) 

i 

is averaged over a macroscopic number of individual particles i in order to arrive 
at f{x,v,t) and yet the scales of the coarse-grained variables x and v are still 
very small in comparison with any structure of /, in other words, a “point” 
is well-defined. In traffic flow, on the other hand, the averaging ensemble may 
contain only some dozen individual cars and still spread over several hundred 
meters which is the same spatial scale as that of macroscopic structure evolution 
itself. As a consequence, a principal limit of resolution for macroscopic analysis 
arises, defining, thereby, also the adequate macroscopic time scale. 

This blurring of scales also affects the nature of stochastic forces as will be 
dwelled upon in the following section. In a liquid or a gas, the stochastic picture 
of Einstein or Smoluchowski (see [18] for an overview) assumes a test particle 
to experience a large number of random, <5-like collisions during the propagation 
from one macroscopic “point” to another. The analysis of this kind of motion 
gave rise to an own branch of mathematics, i.e. the Ito and Stratonovich cal- 
culus. In the traffic ffow problem, the elementary time step ti is given by the 
driver’s reaction time to sudden perturbations. Obviously, no faster processes 
can be imagined. This time step is, however, the same as the one that governs 
the deterministic microscopic motion itself. As a consequence, the conventional 
concept of very short, sudden acceleration (or deceleration) changes does not ap- 
ply; in the overall motion the effects of deterministic and stochastic acceleration 
cannot be clearly separated anymore. Granting the drivers this kind of indecisi- 
veness then leads to the assertion that for the individual vehicle a steady state 
Xi = const, can never be reached. It is only in terms of the averaged quantities 
(for example f{x,v,t)) and, consequently, on an appropriate time scale T 2 t\ 
that a steady state can be sensibly defined. Since such a steady state is the 
basis for the phenomenological relations of the macroscopic modelling school, T 2 
presents also the frame for the so-called “fundamental diagram” (ED). The ED 
relates - in a steady state - the mean density c of traffic flow to the mean speed 
Vb(c) or the flux Qo{c) = cVo(c) and has, obviously, to derive from the micros- 
copic motions, interactions and, crucially, the “molecular chaos” of driving. It is 
the aim of this paper to clarify this relationship. 

The following section is devoted to the design and study of an explicit sto- 
chastic microscopic model; section IV, then, discusses the ensuing implications 
for macroscopic relaxation equations. 

2 Randomness in the Microscopic Motion: 

Model Bnild-Up 

2.1 Optimal Velocity Model and Fundamental Diagram 

It has been mentioned above that CA-based models hinge on a - sometimes 
brute force - discretization of phase space which makes them cumbersome to 




Microscopic Randomness and Fnndamental Diagram 345 



analyze (although studies of formalized models exist, such as [19]). On the other 
hand, CA models include the natural microscopic randomness of driving men- 
tioned in the Introduction. Due to the discretization, however, this stochasticity 
produces unrealistically large fluctuations (a typical discretization of the velo- 
city range would be into five steps; for the german autobahn maximum speed 
of 130 km/h this would entail a minimum of the random velocity changes of 26 
km/h per simulation time step i.e. usually one second, resulting in near gravi- 
tational accelerations!). Thus, obviously, a need for an alternative approach to 
the randomness of driving is called for. It should be mentioned, though, that 
the CA stochasticity automatically acknowledges the other feature of microsco- 
pic fluctuativity discussed above, namely, to be of the same time scale as the 
deterministic motion itself which is given by the simulation time step. 

As a continuous variant, the “Optimal Velocity Model” (OVM) [20,21] pre- 
sents a set of coupled differential equations for the positions Xi of the ith vehicle: 

X, = ^ \Vb (Axi) - Xi] 

Z\Xj — Xj_)_i Xi . (2) 

Here, t\ is the elementary time step mentioned above and found from experi- 
ments [20] to be of the order ~ 0.5 sec. The crucial element of eqn. (2) is the 
function Vb, the so-called “optimal velocity” function. It gives the optimal speed 
a driver should assume in dependence on the distance to the car in front: 



VsiAxi) = Vo [tanh(0.0860(Z\a;i - 25)) -k 0.97323] (3) 

(distances in meters) . The action of Vb becomes clear immediately: zero distance 
dictates stand-still whereas for infinite distances Axi the maximum speed vq is 
assumed. It is intuitively clear that the degree of determinism presented by eqn. 
(2) is much too strong - it resembles a machine-like “cruise cotrol”. In reality, 
drivers will rather fluctuate around the “optimal” velocity with the important 
boundary condition, however, to avoid crashes. 

The function Vb is, furthermore, closely related to the “fundamental dia- 
gram” Vq(c) of the macroscopic picture of traffic flow relating the mean density 
c of traffic to the mean speed, for instance in the parametrization of Kerner and 
Konhauser [12]: 



Vq — Vk (c; Uq, Cmax) — 



Vo 



1 + exp 



11-1 



- 0.25 /0.06 



- 3.7210 



-6 



(4) 



(here, c in vehicles per km with the saturation density Cmax = 200 veh./km and 
Vq the free maximum speed) . Vq acts in the same fashion as the optimal velocity 
function Vb of the OVM, the saturation density Cmax corresponding to zero head- 
way Axi = 0. However, it has to be emphasized again at this point that while 
eqn. (3) prescribes a pair interaction, eqn. (4) presents a collective phenome- 
non, i.e. the average over a number of pair interactions. Following the reasoning 
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given above, this average must involve the time scale T 2 and the microscopic 
randomness: 






{Vb) 



microscopic fluctuations 



( 5 ) 



Relation (5) has the same character as, say, the relation between Lennard-Jones 
potential and Carnahan-Starling pressure in conventional statistical mechanics. 



2.2 Random Acceleration 

In order to account for the fluctuations in the drivers’ behaviour, the usual pro- 
cedure is to add a stochastic acceleration term on the rhs of eqn. (2). (It should 
be mentioned at this point that Kiihne [1 1] proposed a stochastic acceleration in 
the equation for the macroscopic mean speed v{x,t). In the line of the argument 
developed above, however, the randomness of traffic flow has to be accounted 
for on the microscopic level; it is difficult to envisage concerted fluctuations of 
an entire coarse-graining ensemble of vehicles as is the basis for the macroscopic 
equations.) This term has to be designed, then, in such a way as to agree with the 
qualitative arguments given above: First, the minimum time scale on which the 
stochastic acceleration varies is given by the same ri that governs the determi- 
nistic microscopic motion (2). Consequently, it cannot be a Langevin-type force 
but has to be an ordinary, continuous function of time. Second, the amplitude 
of the random acceleration has to scale in some form or other with the velocity 
itself in order to avoid crashes. Third, a time average on the macroscopic scale 
T 2 equal to zero has to exist, thereby defining the steady state (xi)i -2 = const., 
the prerequisite for the existence of the fundamental diagram. These demands 
are met by the form: 



^random ^ O 
Tl 

Ns 

6(f) = Q X! + 4>,j] (6) 

3 

with random frequencies G [w_,w+], random phases (j>ij G [0, 27t] and ran- 
dom amplitudes Qj G [0, 1] for a number of modes . (Note, that the negative 
range of amplitudes [—1,0] is subsumed into the random phases.) Since on the 
scale T 2 the random forces must average to zero, the short-wave limit is given 
by oj- = T 2 ^, whereas the elementary time step presents the long- wave limit 
The numerical scaling factor a is to be determined from, desirably, 
experiments, or simulations. 

The normalization of is best connected with the average of its mean square 
on the time scale T 2 as is customary in the context of stochastic problems (see 
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such that for the Qj being equidistributed on [0, 1] is normalized to: 




Of course, any number of shapes for ^i(t) can be imagined. The one given 
in (6) - (8) is the simplest one meeting the conditions set above. Let us define, 
then, the Random Optimal Velocity Model (ROVM): 

Xi= ^ [Vb {Axi) - Xi] + ^ Vb (Axt) . (9) 

A first qualitative point with respect to the behaviour of the ROVM can be made: 
The shape of the random function is such that in situations with strong none- 
quilibrium, Vb V <C) ij, the first term on the rhs of (9), i.e. the deterministic 
relaxation, dominates the motion. For ~ Vb, obviously, the stochastic accele- 
ration does leading to a conventional multiplicative noise problem. Traffic flow 
can thus be thought of as a dynamics with controlled noise: there exists a band of 
velocity fluctuations in which stochastic motion is possible. Fluctuations leading 
out of this band will be damped out by a strong determinism (i.e. to assume the 
permissible maximum speed while avoiding crashes). The steady state of traffic 
ffow then is, in this picture, characterized by stationary distributions of velo- 
cities, or, equivalently, nearest neighbour distances, within this velocity band. 
This distribution allows for evaluating averages as in (5). It should be commen- 
ted that only on the time scale T 2 a sufficient number of events occur in order to 
fill the distribution. In the following section, properties of this distribution are 
investigated. 



3 Randomness in the Microscopic Motion: Ensemble 
Properties 



As argued above, the continuum description of traffic ffow necessarily involves 
the macroscopic time scale T 2 - The microscopic randomness - the “molecular 
chaos” of traffic flow, so to speak - as expressed by the random function ^i{t) 
then, in local equilibrium, spans up the probability distribution of distances 
around some mean value d, Pd{d; d). In a steady state (as argued above, with 
respect to T 2 ), Pd is stationary and allows to establish the connection between 
individual velocities and the fundamental diagram in the spirit of (5): 



Vo(c) = J dd'VB{d')Pd{d';d) 
1 

c = ^ 

d + b 



( 10 ) 



where b is an effective car length, typically chosen 5 . . . 7.5 m. The following two 
paragraphs present discussions of Pd and the fundamental diagram. 
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3.1 Distance Variability 

Analysis of the fluctuativity of the distance variables dt = Xi+\ — in a coarse- 
graining ensemble of vehicles can best be carried out starting from a rewritten 
ROVM: 

■■ 1 r -IQ; 

di= — VB{di+i) — VB{di) — d% H (H) 

Ti L j Ti 

Assuming a traffic situation where distances in the ensemble vary only a little 
around some value d, it is justified to linearize eqn. (11). Noting further that 
= 2(^f) and assuming di+i = d (i.e. the frontrunner represen- 
ting the ensemble average), one has for a small elongation Ad (vehicle index i 
dropped): 

Ad= - AdAd-Ad +V2-VBd^{t) ( 12 ) 

Ti L J n 

with ^ constructed as in (6) and Ad shorthand for dVB/dd\d- The solution of 
eqn. (12) can immediately be written down: 

1 

Ad ~ 2 an VB{d) Q X ^ Q [(A^n - + n] 

3 

cos[fijrj + (j)j\ — {AdTi — 17|) sin[l7j?7 -|- 4>j\] (13) 

where 

Qj = 2TTUjjTi , rj = tjT\ . (14) 

Integral to this solution is, of course, the mean speed (ii)r 2 = VB{d) of the 
coarse-graining ensemble. The solution (13) displays further the property 
{Ad)r 2 — 0, which is, however, a consequence of linearization. In a full ana- 
lysis of the ROVM the mean value of Ad is itself expected to have a drift due 
to the asymmetry of Vb (d) . 

Over long times T2, the microscopic events fill up Ad{t) and thus the proba- 
bility distribution Pd{d', d). While it is impossible to extract the exact analytical 
shape of Pd from (13), a measure for its width can be found via the average of 
the mean square. As in the normalization of (eqns. (7, 8)), this assigns every 
mode j a weight f sin^ or cos^ = 1/2 and cancels cross terms whence eqn. (13) 
with (C|) = 1/3 from the assumed equidistribution yields: 

((Ad)%, = 2 (an VB(d)f — (15) 

^ j 

Assuming that each mode j will realize a frequency f2j with a certain probability 
(here for simplicity taken as 1/(17+ — 17_)) out of the interval [17_, 12+], the sum 
in (15) can be rewritten: 

■!^+ _ ^ 
{{Adf)r, = {aTiVB{d)y J dQ' ^ (AdTi-Q'")" + Q'" 

n_ ^ 



( 16 ) 
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and evaluated to: 



and 



where 



2(aVB{d)rif 



{{AdY) = 



— [2_ Vl — 4:AdTi 



arctan 






arctan 



1 _ Adn - 






Z — f^A 






- > 



z — f 2 — 



d e 

L 

{{AdY) = 



{aVsidYiY 



Q+ - 



4(AldTi)^ sinz? 



sin — In 
2 



z'^ + AdTi + 2zYAdTi cos 



2 ^ + AldTi — 2zy/Adji cos d2 

-\ ^ z—f2^ 



2 cos — arctan 
2 



^ - cldTi 

2zYAdTi sin I 



2AdTi - 1 



z — Q _ 



“^AdTi 



d = arccos 

The interval boundaries d^^’^^(ri) are given by the roots of 

. dVB\ 



dd 



-1 = 0 . 



d(l,2) 



(17) 



(18) 



(19) 



(20) 



Only for t\ > Tc — 0.18 sec real solutions d*^^’^^(ri) and, correspondingly, the 
regime (18) exist such that Tc with d^^\rc) = d^‘^\Tc) = 25 m is established 
as a model-inherent critical value for the microscopic relaxation time. Fig. 3.1, 
however, shows the criticality of {{AdY) with ri to be merely mathematical, 
i.e. {{AdY) to be continuous at the interval boundaries Nevertheless, it 




350 



H. Lehmann 



seems worth pointing out that the mathematical analysis of the ROVM yields 
a time scale which can, thus, be regarded as the analytical counterpart to the 
value Ti ~ 0.5 sec found from a fit of real-traffic data [20]. Furthermore, the 
dependence on the actual value of the individual microscopic relaxation time 
Ti is rather weak. This becomes plausible by comparison of the microscopic 
relaxation processes and the random wavelengths in ^(t), reactions to the 
fluctuations of the car in front are faster or of the same temporal order as the 
fluctuations themselves such that in the coarse-graining average the Ti-effect 
remains small. 

Fig. 3.1, furthermore, clearly displays the effects of coupling the random ac- 
celeration ^{t) to the characteristic velocity function Vsid): for small values of 
d the fluctuations have to leave the traffic crash-free such that {{Ad)'^) — >■ 0 
in that limit. For large distances (or, see eq. (10), zero density and, thus, the 
interaction-free limit) Pd{d; d — >■ oo) = P^^^d) becomes independent of the 
mean distance. Consequently, the corresponding velocity distribution does not 
depend on the density, either. In the modelling work of Prigogine and Herman 
[15] a strongly related single-particle property is introduced as the “distribution 
of desired speeds” , representing differing intentions of drivers in non-interacting 
traffic. It should be pointed out, though, that, while similar in shape and ef- 
fect, such a phenomenological distribution of deterministically set velocities is 
fundamentally different from one given rise to by microscopic fluctuations. The 
relation to the macroscopic traffic flow picture is discussed in more detail in sec. 
IV. 

3.2 Velocity Fluctuations and the Fundamental Diagram 

Within the assumption of local equilibrium the distribution of distances discus- 
sed in the foregoing paragraph is, in the spirit of eqn. (10), uniquely connected 
to that of the velocities such that the averaged steady-state velocity, i.e. the 
fundamental diagram Vq(c), can be expressed as: 

V = Vo{c) = j dd' Vsid') Pd{d; d) . (21) 

Restricting the ROVM (9) to the assumption of instantaneous relaxation, 

Veid,) cs Vb(J) , (22) 

a first-order problem for the velocities Vi = Xi arises: 

Vi = — [Vb(J) - Vi] + aVB{d)^i{t) (23) 

Tl 

This is the well studied Ornstein-Uhlenbeck process (if ^i is taken as customary 
white noise) for which the Fokker-Planck equation for the probability density 
p{v, t) to realize a certain velocity v at time t reads as: 

dt p{w, t) = —dnj {wp{w, t)) + t) 

Tl 2Ti 

w = V — Vsid) . 



( 24 ) 
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Fig. 1. distance variability A = ^ {{AdY) in m according to eqns. (17, 18) with 
numerical parameter a = 0.3 and the frequency interval = 0.2sec“'^, = 

2sec“^; the microscopic relaxation time r ranges from the critical value Tc to n = 
0.5 sec as taken from reference [20]; headways d in m. 



The properties of this process are well known such that the results for velocity 
mean and variance can be written down immediately: 






var {n(t)} 



Vb{3) + ( 

{aVB{d)f 

2 



v-VB{d)) 

1 _ e-2*/ri 



(25) 



The stationary solution Ps{v) : dtPs(v,t) = 0 presents, then, the Ornstein- 

Uhlenbeck estimate for the local equilibrium fluctuations of the velocities: 



Ps{v; d) = y/iraVBid) exp 



{v-VB{d)r 

{aVB{d)f . 



(26) 



Of course, the Gaussian shape of solution (26) can only be a rather crude ap- 
proximation since for certain velocities the probability has to be strictly zero in 
order to remain crash-free. This failure becomes decisive in the region near the 
permissible maximum speed vg- Eqn. (21) clearly shows that in this limit the di- 
stances d may vary widely while the velocity distribution simultaneously narrows 
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to a 5-shape. This effect is not contained in eqn. (26) which may serve, however, 
still as a first guess. The results of the foregoing paragraph, where the approxi- 
mation (21) was taken further by the term Addi, proved the Ti-dependence of 
the distance distribution width ((Z\d)^) (which is expected to arise in some 
scaled form in the velocity distribution function as well) to be, indeed, rather 
weak. 

From the Ornstein-Uhlenbeck argument (26) and the result for 
it seems to be justified to guess the shape of the local equilibrium distance 
distribution Pd as: 



Pd{d; d) 



\/27r((Z\d)2) exp 



(d- J)2 ■ 

WW). 



(27) 



whence it is possible, in the spirit of relation (10) to express the fundamental 
diagram in terms of microscopic features. 

Fig. 3.2 shows the thus obtained Vb(d) in comparison with the function Vsid) 
(which corresponds to the idealized state of “total cruise control”) and results 
of a direct simulation for intermediate headways (for very small and very large 
headways the velocity fluctuations vanish as argued elsewhere) . It is clearly reco- 
gnizable that, due to the fluctuations, the average velocity of the coarse-graining 
ensemble lies below that of the corresponding single-particle optimal velocity 
Vb- Furthermore, the estimate (27) in eqn. (21) agrees remarkably well with the 
simulations of the full ROVM (for an ensemble of 5 vehicles the coupled eqns. (9) 
were solved with = 3 random modes in the random functions eqn. (6). 
As the elementary time t\ = Tc was used with the averaging interval T 2 = 5 sec 
and the spectrum of the random frequencies uiij the same as in fig. 3.1. In or- 
der to guarantee the T 2 -average as a true steady state, a non-fiuctuating vehicle 
was placed in front of the averaging ensemble and the initial conditions set in 
accordance with the equilibrium solution v = VB{d).) In fig. 3.2 the velocity 
variance of the simulated ensemble is shown. Since, however, the microscopic ve- 
locity distribution function is not directly accessible, the shown quantity is the 
variance ((Vs(d) — Vb {S)) )■ For large distances d the characteristic function 
Vb is constant whence the depicted variance tends to zero. Between this limit 
and the bound traffic limit d — >■ 0, in which the scaling of the fiuctuations also 
dictates vanishing velocity variance, exists a transition regime with a variance 
maximum. This regime is important for the analysis of the critical properties 
of the ROVM. However, fig. 3.2 illustrates that, while qualitatively correct, the 
assumptions in deriving the distribution function Pd, eqn. (27), are not sufficient 
for an accurate analysis. Future work will have to be devoted to this problem. 



4 Relaxation Regime in Macroscopic Dynamics 

From the microscopic distribution function N{x,v,t), (1), the macroscopic one 
is obtained by an averaging procedure which involves, as reasoned above, the 
time scale T 2 '- 



f{x,v,t) = {N{x,v,t))r^ 



(28) 
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Fig. 2. average velocities in the ROVM for ri = Tc (see eqn. (20)); solid line: funda- 
mental diagram Vb(d) according to eqns. (21) with etimate (27), dashed line: “total 
cruise-control” limit Vs(d) as reference i.e. no microscopic randomness, points: simula- 
tions of the steady state average velocity (with ri = Tc and T 2 = 5 sec) of five coupled 
vehicles. 



If the ROVM (9) is assumed to describe the true microscopies of traffic flow, the 
evolution equation for / is found from the total time derivative of N\ 






= (^ 5\x- x^{t))5{v- Xi{t))+ Xi 5{x - x^{t))5\v- x^ {t))\ (29) 

\ ^ / To 



Inserting for Xi the ROVM (9) establishes the connection between microscopic 
and macroscopic dynamics much in the same way as the relation between optimal 
velocity function Vsid) and fundamental diagram discussed above. 

From the construction of / it is clear that T 2 presents a natural limit for 
its resolution. Any perturbation on the scale ri will need a number of pairwise 
interactions equal to the size of the averaging ensemble until it is Altered through 
to the coarse-grained variables. The second term on the rhs of eqn. (29) will 
thus constitute an evolution operator for the distribution function with T 2 as the 
elementary time. This is a necessary consequence of the macroscopic description 
and should be pointed out here since the literature contains some confusing 
statements with this respect. Writing (. . .}t 2 = I/t '2 / dt . . one can, with the 
assumption of local equilibrium (in the sense of the discussion around eqns. (13 - 
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var{V_B} 




Fig. 3. steady state velocity variance var{Vs} = {(VB{d) — Vb {<^)^) with Pd{d;d) 
according to (27) in comparison with the results of the simulation (points). While 
correct in shape, the estimate (27) is not sufficient to reproduce the measured variance. 
The transition regime from bound (small d) to free traffic (large d) with the variance 
maximum is important for the emergence of critical states in traffic flow. 



16), i.e. Xi^ const. \/i but (ii)r 2 = const) express the interaction term in (29): 

(^^[Vsid,)- Xi]S{x- Xi{t))S'{v- Xi {t))'^ = ^^[{{Vb) - v) f{x,v,t)] , 

(30) 

resulting in the equation of motion for /: 

[dt + vd^]f{x,v,t) = -—dy[{Vo{c{x,t))-v)f{x,v,t)] . (31) 

T2 



Several comments should be made with respect to eqn. (31). First, the time scale 
T 2 ~ 5 ... 7 sec as found from measurements [14,10,12] has been justified by ele- 
mentary coarse-graining considerations. Second, the form of the rhs of eqn. (31), 
although being different from the term — (/ — /o)/t 2 as given in [15] yields the 
same first two moment equations, i.e. the continuity and relaxation equation for 
the mean speed v. Third, the microscopic randomness has been subsumed into 
the shape of the function Vo(c). Of course, in strong non-equilibrium situation, 
local equilibrium will not be established and extra terms might emerge. It should 
be cautioned, though, that in such a case, the distribution function / with its 
problematic definition, (28), will not be a sensible entity of analysis anymore. 
Stochastic acceleration terms in equations for / or its moments seem, thus, ill 
motivated. Fourth, the interaction term of Prigogine and Herman [15] has to be 
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commented on. From a gas kinetic analogue, those authors derived a “collision” 
term (which might sound rather provocative in the context of vehicular traf- 
fic) . The notions of incoming and outgoing fluxes and probability of interaction 
become, while accurate for ordinary liquids or gases, however, problematic due 
to the small-sample size coarse-graining and the dimensionality of the problem. 
The divergences between Prigogine and Herman’s model and eqn. (31) can best 
be highlighted by studying the velocity variance var{u} = {v — v)^ 



.-.\3 



[dt + vdx] var{u} -I- -dx c(v — v) 



— 2 var{u}/r 2 



— var{u} — var(°){w} /t 2 — (1 — P)c{v — v)^ 



eqn. (31) 
ref. [15] 



(32) 



The parameter P, the probability of passing, has to be set zero in order to 
compare the strictly one-lane OVM with the approach of Prigogine and Her- 
man. While eqn. (31) leaves the interaction solely to an appropriately designed 
macroscopic characteristic function Vo{c{x,t)) (which can, as has been shown 
in the preceding sections, be referred to the microscopic interaction Vsid)), the 
Boltzmann-like argument of Prigogine and Herman results in a coupling to the 
third moment of the velocity distribution as well as the necessity to define and 
determine the stationary distribution of desired velocities As has been poin- 
ted in the context of fig. 3.2, the velocity variance is a decisive quantity with 
respect to the criticality of the system. It can be expected, then, that the dif- 
ferent forms in eqn. (32) will have consequences in the critical regime. Detailed 
studies have to be left, though, to future work. 



5 Conclusions 

The dichotomy between microscopic and macroscopic description of vehicular 
traffic is substantially different from the statistical physics of, say, ordinary li- 
quids due to the temporal and spatial scales not being clearly separated. Viewing 
flowing traffic as a continuum therefore necessarily involves an averaging proce- 
dure on the scales of macroscopic structure evolution itself. Hence, the applica- 
tion of standard tools of statistical physics has to be taken cum grano salis. For 
example, the usual picture of a stochastic force as a series of (5-like interactions 
has to be modified to account for the comparable time scales of fluctuation and 
deterministic motion. With the due caution, however, modelling and analysis 
can be carried out. 

The presented work had the aim to acknowledge the fluctuativity of the 
elementary driving process and to estimate its effects. Starting from the well- 
established “Optimal Velocity Model” (OVM) a stochastic acceleration was ad- 
ded to the equation of motion in order to account for the elementary randomness 
of driving. This acceleration was designed in such a way as to avoid crashes. Due 
to this random component, the individual cars can never reach a stationary state 
Xi = const.. A stationary state of traffic can, therefore, only be defined if a time 
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scale much larger than that of the OVM, T 2 » Ti, is introduced, and the cor- 
responding averages are considered. (t 2 is thus established as the natural time 
scale for the macroscopic equations.) The state {xi)r 2 = const, then, involves a 
distribution of microscopic nearest-neighbour distances Pd{d; d). With this dis- 
tribution it is possible to connect the phenomenological fundamental diagram 
of macroscopic modelling to the optimal velocity function of the OVM/ROVM. 
A Gaussian form of Pd with an estimate for its width from a linearized form of 
the ROVM produced remarkable coincidence with direct simulations. Analysis 
of the nearest-neighbour distance variability in the ROVM, furthermore, revea- 
led a model-inherent time constant Tc — 0.18 sec as the analytical counter-part 
of the value ti ~ 0.5 sec fitted from experiments. The attention of future work 
should be drawn to the study of flucutations in the critical regime where the 
nonlinear effects are expected to dominate. 
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Abstract. A model for the analysis of floating car data (FCD) in ur- 
ban road networks is proposed. In contrast to freeway traffic, structural 
features such as traffic lights are shown to dominate the dynamics - in 
a quasistationary picture - of such a network. Principles for obtaining a 
segment travel time depending on the mean vehicle density are discus- 
sed. Some remarks for the determination of this state variable are given, 
also on several segments. 



1 Introduction 

Modern traffic management systems are highly dependent on good knowledge of 
the current traffic loads in a route network. Therefore, the traffic has to be ob- 
served, and the measured traffic data is online communicated to a central unit. 
With additional information, extracted for example by police- and weather- 
reports, the incoming data is gathered in a database [14] and evaluated by the 
information system to provide a current picture of traffic state. The information 
on the state of the network and its future development can be used to control 
dynamic traffic guidance systems or directly for traffic light control. 

Conventional vehicle-detecting systems work primarily with induction loops or 
infrared sensors. This leads to continous measurement of state variables at fixed 
points, like local traffic volumes q, which are defined as the number of vehicles 
per time interval passing a road-cross-section and local velocities v, the average 
speed of a number of cars at a fixed point. 

Recent developments in the telematic sector have made it possible to equip more 
and more vehicles with trafhc-telematic instruments, such as navigation support 
systems [3,15]. In dynamic route guidance drivers must be informed about the 
current traffic state of their route. Additionally, it is possible to use the telematic 
instruments as measuring devices. Thus, a new kind of data, called floating car 
data will be of increasing importance. 
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Conventional Data Floating Car Data 




Fig. 1. Vehicle-Dectecting Technologies 



In contrast to conventional data, floating car data is received by a fleet of in- 
dividual cars. To reflect a general picture of the trafflc situation, each of them 
is required to float with the traffic flow (hence the name of the data). Nor- 
mally satellite-based navigation technologies, like the Global Positioning System 
(GPS), are used to determine the position of the test cars in the network and the 
current traffic information may be returned via GSM. These are the so-called 
online systems. To benefit from the structures in an urban area, the use of offline 
floating car systems seems more favourable. At certain fixed measuring points 
the cars equipped with tags are detected and their arrival time is transmitted 
online. They do not measure traffic densities or flow rates directly. It remains 
the task of a model to deduce these state variables from the given FGD. 

In opposition to continuous measurements, floating car data are discrete events. 
When arriving they include information about the previous time period. FGD 
is time variant and locally distributed over the considered network. In addition 
to the obtained travel times, FGD also supply important information on the 
trajectories of the vehicles. This plays an important role in analyzing the so- 
called “origin destination matrix” (ODM) (see also [2,7,8]) and is not accessible 
for mere counting data. 

In highway traffic the number of vehicles is maintained for long stretches of a 
road. Driving behaviour is described by the Fundamental Diagram. Assuming 
homogeneous conditions, simple inversion of the measured travel times yields the 
desired statements on the traffic situation. Other methods for analyzing traffic- 
data on motorways, for example with a Kalman-Filter, are described in [1]. 

In contrast, urban road networks are characterized by their structural features 
such as traffic lights, crossroads, number of lanes and so forth. This leads to a 
discontinuous traffic flow. Furthermore, the route between any two observation 
points will consist of several segments with highly fluctuating densities between 
them. Thus a more complex model is required for urban roads. 
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2 Aggregate Travel Time Model 

The aim of the model is to deduce a state variable from a measured travel time 
Iab ■ Therefore, the paths in the considered network are decomposed into certain 
segments, and for every segment a so-called ’’characteristic” fi(ci), which relates 
a travel time for this segment over a mean density, is determined. 

N 

fAB = ^b(ci) (1) 

i=l 

The obtained segment-characteristics take account into the structural features 
of each segment. 

For the development of the characteristic ti(ci) a mean density over a segment 
is assumed. This stationary request means that the passage over the segment 
has to be fast in comparison with a change of the overall traffic pattern. The 
requirement is fulfilled if, in segment i, the inflow gin is equal or very similar to 
the outflow gout- 

Furthermore, it can not be the aim of the model to account for temporal structu- 
res finer than traffic lights periods. Since the test cars will be distributed evenly 
over time, the segment times experienced in reality present an average over the 
traffic light periods. Thus, the model works with mean densities and mean travel 
times. This leads to a description of traffic state in terms of aggregate variables. 

The traffic in an urban network is dominated by waiting queues at crossroads and 
traffic-lights. So, a typical segment with length L of a route contains a queuing 
part Lqu and a free-flowing part {L — Lqu)- 

The total time to pass such a segment is therefore a combination of the time to 
pass the free part and the queuing part, and, additionally a statistical waiting 
time at a red traffic-light, and it is called the segment travel time 

b(ci) — tfree “t“ tqu -\~ twait (2) 

The next paragraph deals with the development of this, therefore the indice {t} 
for the segment itself is dropped whenever not necessary for clarity. 



2.1 Segment Travel Times 

Driving behaviour on freeway sections is described by the Fundamental Diagram, 
which relates traffic flow over mean density. This is also the basis of the driving 
velocity in the free flowing part of the segment. Various parametrizations exist, 
a summary of which can be found in [4] . Since the historical roots of the devising 
of the fundamental diagram lie in the study of freeway traffic, the applicability 
of the given forms to urban traffic has to be questioned. In [12] it was indeed 
shown that the figure of a speed-density relation in an urban context has a rather 
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different shape. For a permitted maximum speed of 70 km/h and 3 lanes, for 
instance, it is given in [12] as: 



v{c) 



70 : 0 < c < 30 
-0.3c + 79 : 30 < c < 210 
-0.076c + 31.92 : 210 < c < 420 



( 3 ) 



where the velocities c(c) are in km/h and the densities c are given in veh/km. 
The flow g(c) = c * c(c) is shown in the figure 2. 




mean density c_free of free flowing part [veh/km] 



Fig. 2. Fundamental-Diagram for a 3-lanes segment with Vfree = 70km/h 



In an urban network the segments contain additionally a queuing part. Therefore, 
the mean density c of the entire segment is a linear combination of both parts. To 
determine the density, regard the characteristic size <7maxout of a segment, which 
can be defined for all segments with a traffic-light at their end points. This is 
the maximum mean exit rate of the segment, and it is given by the duration of 
the green phase Tgreen in relation to the total traffic light period T, the number 
of lanes uianes and an universal dissolution rate 1/gdiss = 1/1-8 sec“^: 



iFgreen ^lanes 

^maxout — ^ 

^ Qdiss 



( 4 ) 



When the free flowing part is reaching the critical density Cmaxfree (see flgure 2), 
the switching point of the model, called Cgreen is received: 



Cgreen ■ — ^(Cniaxfree) 



— Cniax free H” 7- 



TgreenFred - 7.5 m X Cmaxfree] ■ (5) 



L 1.8 sec T 
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In this way two regions of flow can be distinguished: 

1) C ^ Cgreen 

2) c> 

Cgreen 

Remember that in the stationary request the inflow equals the outflow and the 
definition of gmaxout- For the region as indicated as 1) in figure 2, with flows 
below qmaxout, the queue built up at the red phase is dissolved during the green 
phase. On the other hand, in the second regime (see 2) in figure 2) are always a 
number of cars, which cannot leave the segment during the first green phase. 

Discussion is best started from the critical case c = Cgreen: 







L_qu 






■ ■ ■ ■ 






► 

max out 


- c ma5£_fce^ ■ 

■ ■ ■ ■ 




► 

q max 











< L_green > 



Fig. 3. Traffic situation for c = Cgreen 



Here it is the first time that the inflow qi^ equals the characteristic size (/maxout, 
and the queue contains just the vehicle number 

(ij. ^lanes rp 

-‘''green — -‘green ■ 

This queue is completely dissolved during a green phase. The length of this 
critical queue is given by: 



-bgreen — -Cgreen 

7.5 m 



1.8 sec 

— ^diss Tg] 



( 7 ) 



Note that, while the first line of eqn. (7) constructs Tgreen by assigning the iVgreen 
cars evenly to the nianes lanes, the last line gives it as the length driven by a 
floating car with the characteristic dissolution speed Udiss over the whole green 
phase. 

The universal velocity Udiss = 15 km/h is a result of the effective car length 
6 = 7.5 m combined with the universal dissolution rate <7diss- This velocity can 
be observed in a wide range of situations, like the dissolution of highway jams 
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and waiting queues at urban crossroads, and can also be reproduced theoretically 
[5]. The length b is the key parameter in the modeling school based on cellular 
automata ([6,10,13] and a vast body of related and subsequent work). 

On the other hand, the number of cars hitting the end of the queue during red 
phase is determined by the inflow rate q-m = <?maxout : 



(Tgreen) — ^Imaxout Tred 



7.5 m 



^lanes 






— ^dis 



green red 

~f 



(8) 



Obviously, formulae (7) and (8) do not coincide. Since, however, the inflow rate 
is a quantity which is averaged over the whole traffic-lights period, equation (8) 
presents a mean value as has been indicated by the pointed brackets. Comparison 
of equations (7) and (8) then reveals that the effective time average for the queue 
build-up is the geometrical mean of both phases. For Tgreen = Tred = T/2 this 
mean is just (Tgreen) = l/2Tgreen, whereas for asymmetric phases it is always 
smaller. The average length of the queue Lqu is then identified in the critical 
case as: 



L 



qu 



(Tgreen) 



(9) 



Equations (7,8) furthermore reveal the remarkable fact that the eventual dis- 
solution time tqu for the critical queue contains only the characteristics of the 
traffic-lights. Since the queue is dissolved with Udiss one finds: 



tqu — (Tgreen) /^diss — 



TgreenTred 

T 



(10) 



Using the fundamental diagram it is implying, that the cars in the free-flowing 
part are driving at a velocity of Umax free by a density of Cmaxfree- 
Thus, we can obtain this time as 



tfree — (T Tqu)/Umaxfree ■ 



( 11 ) 



For small densities c < Cgreem the in- and outflow of the segment is less 
9maxout- This means that the average length Lqu of the queue is shorter 



(Tgreen) ■ 



Tqu — ^?in Fred 



7.5m 

^lanes 



than 

than 

(12) 



and the according dissolution time 



^qu — -^qu/^diss 



^in ^red 



l.Ssec 

^lanes 



(13) 



In the free-flowing part the cars are driving with a mean speed of Ufree by a 
density of Cfree dependent on the inflow It leads to the time 



tfree — (F Fqu)/ufree 



( 14 ) 
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It remains the second region with high densities c > Cgreen- 

Here the average queue length Lq„ is longer than (Agreen)- This means, a number 

of cars has to wait multiples of the total traffic light period T : 



Tqu — (Tgreen) (Tex) 



(15) 



with a mean length 



(Tex) 



(c 



Cgreen 



)T 



7.5m 

^lanes 



(16) 



All cars in Aqu — (Lgreen) have to wait for an extra time, thus the total dissolution 
time assembles to 



^qu — 



-^qu 

"^diss 



^-11. r. 

\-^green/ 



(17) 



The velocity Umax free Over the mean density Cmaxfree for the free-flowing part is 
given as the result of the mean maximun outflow, it leads to: 



^free — (T Tqu ) /Umax free ■ (^^) 

In contrast to the deterministically treated times thee and tqu, the time fwait is 
a statistical value and the same for the two regions. The expectation value twait 
for the overall waiting time becomes the probability to hit a red traffic-light by 
the remaining waiting time for arriving at a time T' at the traffic light. 

iwait=^*0+^(T,ed-T') 

Red 

= ^&-TredT')= ^ J (Tred-r')dT' 

0 

_ ± ^red 

2 T ■ 

Therefore, the sum of the three times define the travel time t{c) (see eqn. (1)) 
over a mean density. We call this the characteristic of a segment, it is like a 
Fundamental Diagram for urban roads. 

Receiving a measured travel time, it is now possible to invert the diagram at 
segment level to determine the traffic state variable. 



The picture shows the model-equation for a real road segment with length = 
1064 m, lanes = 3, total traffic light = 90 sec, green phase = 38 sec, red phase = 
52 sec in comparison with travel times obtained by the mesoscopic simulation- 
tool DYNEMO [11]. 

In the low flow region cars can be found, that don’t hit a red traffic-light. It is 
only the mere driving time. With approximately 70 km/h, they pass the segment 
in about 55 sec. Other cars have to wait at the red traffic light. The model shows 
an average. 
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0 5Q 10O 1S3 200 

mean density c of entire segment [veh/km] 

Fig. 4. Characteristic for a real road segment 



It should be stressed that the model equations don’t have any fit parameters, 
apart form the two universal numbers: The effective car length b and the dis- 
solution rate qdiss- So, the obtained segment-characteristic shows a remarkable 
agreement with the simulation-results. 



2.2 Segment Compilation 

Having obtained an analytical form of the segment travel time as functions of 
the mean density, it is now possible to return to equation (1). 

In the trivial case, where every segment is monitored by measuring points at its 
end, a picture of traffic state on the overall network can be immediately deduced. 

To analyse a measured floating car travel time on certain segments, structural 
information and a-priori-knowledge will be used. 



Figure 5 shows a typical situation, when receiving a measured travel time ^ac 
and another time tec ■ This leads to two equations with three unknown segment 
travel times: 



tAG = tAx(cAx) + txc(cxc) 
tec = tBx(cBx) + txc(cxc) 



The first information is obtained by comparison the measured times with a 
reference times 



^AC ■ — ^I'^hee T ^wait T ^ 



VEHspez 



(19) 



with tifree is the maximum permitted speed and tvEHspez is an allowance depen- 
dent on the features of the measuring vehichle. If the comparison reveals that 
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Fig. 5. Typical situation of overlapping paths at a crossroad 



tAC > ^AC floating car must have encountered an obstruction at some point 
of its journey, yet in which segment this occurred remains unclear. 



If the considered segments have comparable structural features, the similarity 
principle is applicable, which estimates segment travel times by weighting with 
the corresponding reference times: 

for path AC: Iax = 4°x ^ > ^xc = 4c ^ (20) 

^AC ^AC 

and 

for path BC: tex = 4x ^ : ^xc = 4c ^ • (21) 

^BC ^BC 

Of course, the travel times for segment {XC} in equations (20,21) will, in general, 
not agree. The solution nearest to the even distribution of delays, i.e. the one 
sought by the similarity principle is, then, given by constructing an appropriate 
mean value of the travel time txc- With just the arithmetic mean one arrives at 
the solution: 



^xc = 2 4c 

tAX = tAC — 
tsx = tnc — 



tAC 



(0) 

AC 



t 

txc 

txc 



tBC 

'-BC 



( 22 ) 



Inversion via the characteristic for the considered segment then yields the mean 
traffic densities. 



Another idea is based on the assumption, that the traffic state in segment {XC} 
is dependent on the previous states of the segments {AX}, {BX}. It leads to 
the hereditary principle and is in detail described in [9] . 
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In combination with other structural information, such as the most probable 
distribution of traffic load on the net, travel time profiles or statistical splitting 
rates given by analyzing trajectories, these assumptions would be helpful in 
obtaining a picture of the traffic situation within highly branched road networks. 

3 Conclusions 

Floating car data present a modern way of analyzing traffic ffow. But at first it 
must be guaranteed, that the general traffic situation is reffected by the measu- 
red travel times. Therefore, a sufficient number of vehicles is needed, which have 
to travel the path within a stationary situation. The received travel times have 
to be confirmed by an average. This request puts a constraint on the fleet of test 
cars and their distribution over the network. 

Through recent developments in communication- and vehicle-detecting-techno- 
logies, like GPS and GSM, an increasing number of vehicles will be equipped 
with traffic telematic systems. In the future this vehicles then represent a mea- 
suring fleet, so that floating car data could cover space and time in a sufficient 
resolution. 

This paper presents a model for urban road networks, which gives the mean ve- 
hicle density for a measured segment travel time. When assembling the segment 
travel times, extra reasoning is needed regarding the most probable distribution 
of traffic load on the net. In the future the calibration of the aggregate travel 
time model (ATTM) and the analysis of more complex structures will be conti- 
nued. It is also planned to design an online simulation-tool based on FGD, which 
kindly note, that modern traffic information systems should be integrated tools, 
using a combination of different kinds of traffic data and additional information, 
such as knowledge of construction sites or cultural events, for obtaining an actual 
picture of the traffic situation in an urban network and its future development. 

This project is supported by the administration of Berlin and is a part of BER- 
TRAM, the BERlin TRAfhc Management. The work is proceeding in coopera- 
tion with small middle enterprises SYSTRON and eloqu-metabasis, who makes 
real floating car data available. 
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Abstract. The influence of the hologram division into parts on the 
height of the readout signal was considered. It was found that from the 
two waves onto which the signal can be divorced: the geometrical and the 
boundary wave, the latter is responsible for the transfer of the optical 
signal. 



1 Introduction 

Diffractive optical elements are inseparable connected with the contemporary 
communication techniques. They are suitable for realisation interconnections 
between the optoelectronic systems (microlenses and fibers), they permit data 
storage and package with the high densities, allow data processing, make logic 
operations. With the help of the optical element Fourier transform is achieved as 
quick as possible - with the light velocity. The light techniques on the one hand 
cause the increase of the speed of acting at full, limiting value, on the other hand 
lead to the miniaturization of the setup elements. The miniaturization is possible 
for the two reasons: at first - for the high density of information registration in 
media, in the second place - for the possibility of integration several functions 
into one component e.g. beam splitting, de ection and focusing. The holography, 
among the others, is the technique of producing diffractive optical elements. 
It is known, that information registered at the hologram plate may be read 
out from the piece of it. However, how far the hologram may be subdivided as 
far as recorded information will be possible to read out yet? The subdividing 
process, undoubtely irreversible, is associated with the entropy increasing. It is 
associated with the diminishing of the number of the interference structure lines 
contained in the element also. Then the resolving power of the element decreases 
in comparison with that one of the whole hologram, perceived as the diffraction 
grating. 

2 Two “ Dimensional Spatial Signal — the Distinction 
between the Geometrical and the Boundary Waves 

The signal, which is obtained during the readout process, may be presented 
according Maggi-Rubinowicz concept [1], as a sum of two components: of the 
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geometrical and of the boundary diffraction waves. This concept, originated from 
physical reasons, generalized by Miamoto and Wolf [2], and Rubinowicz also, is 
widely supported mathematicaly (stationary phase method). We show, that the 
lost of information caused by the hologram subdivision is directly related to the 
boundary wave amplitude. Interference of the object and the reference beam 
waves permits to record information about the object at the photographic plate. 
Through developing and bleaching process we obtain hologram. The illumination 
of the hologram with another wave permits us to readout information encoded in 
the system of interference fringes. The readout process is the diffraction process 
and then it may be described by the Kirchhoff-Fresnel integral 

U{P) = k J g{^, r]) exp(tfc/(5, r]))d^ dg (1) 

where: 



P is the observation point, 

U{P) complex amplitude in the observation point, 

amplitude of the diffracted wave, immediately behind the hologram 

plate, 

/(C) v) phase function describing the phase of the wave perturbation coming 
from 

(^, rf) point at hologram to observation point, 

k = — wave number. 

A 



The integral is quickly oscillating function because of a great value of the 
wave number and then the integral (1) may be evaluated using the stationary 
phase method (SPM). The U{P) according to SPM can be written as the sum 
of the geometrical (Ug) and the boundary (Ub) waves [1] 



U{P) = Ug + Ub 



( 2 ) 



The hologram size, of necessity, must be limited. The influence of this limi- 
tation on the signal registered at P is represented by the boundary wave [3] 



C/B = exp(-^) / g{^,r])exp{ikf{^,g))^\Vf\ ^dcr 



(3) 



df 

Where — is the derivative of the phase function with respect to the outer 
an 

normal of the boundary line. 



3 Results 

The idea of this paper is the following. Hologram of greater size may be divided 
into few number of the smaller holograms. The integrals boundary of the (3) 
type originating from the same element of the boundary of the two neighbouring 
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subholograms are of the oposite sign according to opposite direction of the outer 
normal. Then, they cancel each other remaining the the contribution associated 
with the outer boundary only. As an example we consider axial hologram recor- 
ded and reconstructed with the A = 5 • 10“^. The object - the lightening point 
located at the zq = 1 from the hologram plate represents signal. The reference 
wave is divergent spherical wave with the centre at zr = 1.2 at the left from the 
holographic plate. The reconstructed wave is convergent to the zc = 1.1 point 
on the right side of hologram. The results obtained for holograms of circular 
shape of various sizes are presented in [4] . 

As follows from these results - when the hologram radius increases, an am- 
plitude of the signal tends to the geometrical wave amplitude, extremely high at 
geometrical focus. Similar results are obtained for the square hologram shape. 
Information flux (information entropy) defined as [5] 

S = -Y^p^log{pi) (4) 

i 

in optics is transformed to the information content of the image (optical entropy) 
if an intensity distribution is interpreted as a density of probability 

S{z) = ^ Ii{z) log(A(z)) (5) 

i 

where 

z is the optical axis coordinate 

Ii{z) are the normalized different intensity levels at plane z 

According to (5) - region of the focus is the region, where extreme of the entropy 
is expected. These results [4] give evidence that in the case circular symmetry 
the boundary wave causes the lost of information. The above results are more 
general and regards of the situation in which axial symmetry of the waves taking 
part in holographic imaging does not coincide with the boundary line shape. We 
consider the hologram of a square shape, cut off from the far, of axial region, 
where the density of the recorded interference fringes is high. The side of the 
square is equal to 800 A and its centre distance from the axis is equal to 1 . Then, 
remaining the centre position, the square side is diminished to 400 A, 200 A and 
100 A. 

The respective amplitudes of the geometrical and the boundary waves and 
the amplitude of the total disturbance in these cases are presented at Fig. 1 and 
Fig. 2. The singularities of the geometrical and the boundary wave amplitudes 
(Fig. 1, 800 A) corespond to geometrical and diffraction foci. The real ampli- 
tudes are finite, of course. The result of integration of (1) is presented at the 
bottom of this figure. From the comparison it follows that the maximal value of 
the amplitude corresponds to the boundary wave focus, the geometrical focus 
vanishes. 

The information is degraded. Figs. 1 and 2 illustrate the sequence of further 
diminution. The signal decreases by reason of the decreasing amount of the 
energy which reach the hologram during the readout process. 
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Fig. 1. The hologram of which the half sides are equal to 800 A and 400 A. From the top 
to the bottom are shown the distibutions of: - the geometrical wave amplitude, - the 
boundary wave amplitude evaluated as the contribution arising from the critical points 
at the edge, - the amplitude of the total disturbance evaluated by the stationary phase 
metod, - the ampiltude of the total distrubance obtained by numerical integration of 
Kirchhoff-Fresnel integral 
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4 Conclusion 

The limits of the hologram division, determining the height of the readout signal, 
are directly related to the boundary wave amplitude. 
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Abstract. After a short introduction to the concept of automation 
and computer based systems, chapter 2 presents the the concepts of 
Electronic Performance Support Systems (EPSS). Chapter 3 specifically 
discusses process-centered EPSS and their realization in software engi- 
neering and office automation. Different attitudes and requirements are 
pointed out. Chapter 4 argues that computer support makes it necessary 
to extend Scheer’s Y (well-known in the CIM-area) to accomodate addi- 
tional granularity. This discussion is carried over into chapter 5 where we 
map the relevant processes of software engineering and office automation 
to the processes identified in the extended Y from chapter 4. 



1 Automation and Computer Based Systems 

1.1 Automation 

Automation has been defined (only as late as 1956!) [28] as the replacement and 
enhancement of human work by computers [28]. Machines, especially computers, 
have always acted as amplifiers for human capabilities. The current trend to ever 
increasing computational power at dramatically reduced cost and size will in- 
duce even more computer support. In many instances computers are intelligence 
amplifiers, analog to the power amplification qualities of classical machines. 



1.2 Computer Based Systems (CBS) 

The term EPSS has become a common name for ideas and environments already 
existent in the various domains to be discussed in this paper. In three domains 
of CBS (computer based systems) this trend is highly obvious. All three have an 
emphasis on processes and the computer support for their enactment. 

* The research behind this paper was triggered and funded by Project P09372-PHY 
(’CAD fiir CIM’) and P11824-TEC (’Autonomer reaktiver Roboterarm’) of the Aus- 
trian Fond zur Forderung wissenschaftlicher Forschung 
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Software Engineering 

The main idea is to create a model of a system for information processing 
and to subsequently implement this system. The volatility and complexity 
of software engineering [12] makes it necessary to emphasise the adherence 
to a defined process to ensure quality [35] . 

Office automation Here the main objective is to organize a smooth and effec- 
tive system to create and administer task in the office [40] [48] [58]. 

Flexible Manufacturing The major concern is the fully automatic and interruption- 
free running of a production cell to produce some goods [5] [42] [43] [44] [6] . 

2 Electronic Performance Snpport Systems 

For complex tasks it is not sufficient to amplify a single human capability, but 
one must take a systemic view and provide the user with an integrated envi- 
ronment which allows to solve the complete task holistically. We are challenged 
to build an environment for supporting humans in performing complex multi- 
step tasks. The term Electronic Performance Support Systems (EPSS) has been 
coined [31] for general supporting systems [13] [7] . They are intended to combine 
training, documentation, expert knowledge, feedback and obvious tools to provide 
technology users with the information they need, when they need it, where they 
need it, in the context of the situation they are in, without having to leave work 
to get it. 

One has to accept that the arrival of the new computer technology (especially 
the dramatic growth of computers with respect speed, power and memory at a 
dramatic reduction in cost) was the main driver for creating EPSS. Very often 
the scenario was of the type ’We have a solution - do you have a problem for 
It?. 

Nevertheless the overall requirements for such an environment is (Fig. 1): 

- that it support humans in a ’natural, intuitive’ way, 

- is unobtrusive and 

- becomes visible, only when it is needed or called upon. 

Typically such an environment allows humans to perform six types of work 
(Fig. 1): 

information access EPSS should provide the user with information, guidance 
and help: ’’your unobtrusive assistant”. 

creative work In all engineering disciplines creativity is the key to quality and 
cost-effectiveness, especially in the long run. The problem is that creativ- 
ity needs a certain amount of freedom whereas quality (cf. ISO 9000, [39]) 
requires a certain adherence to predefined processes. One needs a delicate 
balance between prescribing a well defined process to be performed (’the 
human as a machine’) and the freedom for engineers in their creative work 
(’the human as a free-wheeling spirit’). In the optimal case the EPSS pro- 
vides to the engineer the much needed support for creativity: ’’your helpful 
co-designer” 




Electronic Performance Support Systems Challenges and Problems 379 



calling of development tools This covers the ’mechanical, non-creative’ part 
of every system development. Tools provide the necessary generative sup- 
port by automatically deriving further intermediate products (e.g. executable 
code) from some previously specified docuements (e.g. low level design): 
’’your untiring ghost writer” 

process management This means to decide which tasks are still outstanding, 
which can be started and deciding which one to tackle next. It includes, in the 
extreme case, the detailed prescription of individual steps and their sequence 
in the form of a process model [15] [26] : ’’your unerring task manager” 
document management Storing, updating, classifying the various pieces of 
information arising in a project, including version and configuration man- 
agement: ’’your untiring registrar and archiver” 
communication with co-workers It is a fact that most work has to be done 
as a team effort. This means that an EPSS, even if conceptualized for the use 
by an individual, must enable a person to share his/her tasks, results and 
data with co-workers in order to perform all group related work (i.e. com- 
munication, coordination, consensus and collaboration) [21]\”your effective 
team work organizer” . 




Fig. 1. Main Support of Electronic Performance Systems 



2.1 Process-Centered and Non-process Centered EPSS 

It has to be observed that in the three indicated areas the development/production 
process is complex and consists of many individual activities, which are inter- 
vowen and interdependent in many ways. That means that both the individual 
activities and the process are of importance. Errors in either one lead at least to 
suboptimal performance, in the worst case to unacceptable results. EPSS have 
two starting points: 
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bottom- up This is a natural approach in automation: gradually associating cer- 
tain activities with mechanical tools and thus supporting/replacing human 
work. This leads to computer based systems of various form and complex- 
ity. In software engineering typically compilers were one of the earliest tools 
[49,50]. In flexible manufacturing various (often still mechanical) tools were 
employed, and office automation used computing tools almost from its begin- 
ning (e.g. mechanical calculating machines [33]). One of the major problems 
of this ’bottom-up’ approach is the exchange of data between the different 
tools, not only syntactically but also semantically. A problem which still has 
not been fully solved. For consistency reasons the best approach is to provide 
a common repository where all data are stored redundancy-free. Every tool 
takes its data from the repository and puts them there again. Obviously this 
means a considerable standardisation with respect to syntax and semantic. 
In the area of software engineering [22] , [I] we therefore find EPSS in the form 
of a so-called workbench [15, 16]. We see several tools which share data via a 
common repository and we a see a process model where tool are attached to 
the various activities. Eor a full support of all software development activities 
both types of support are needed, although in many instances (typically the 
tool sets supporting Information Engineering (e.g. ADW, lEF etc.) do not 
have an explicit process model: It is tought by the tool provider and has to 
be internalized by the developers. A workbench contains an integrated set 
of tools, where the following aspects of integration are covered: 
data integration all data are freely shared by the various tools, the tools 
are able to interpret and use one anothers data 
call- interface integration all tools are called in a uniform way, consistent 
with the mental model of the user 

philosophical integration all tools obey to the same methodologial paradigm 
functional coverage the tools form an essentially non-overlapping set which 
cover in their totality all needed functions 
Typical respresentatives are tool sets like ADW, lEF, INNOVATOR etc. 
top-down The complexity of the complete production process, the interdepen- 
dence of the various activities, and the number of people involved makes it 
necessary also to define and prescribe (to a certain amount) the sequence 
of these activities. In software engineering this is usually expressed in a so- 
called process models. One of the earliest was Boehm’s waterfall model [9]. 
Typical examples are ADPS [2] [3] [14] [25] and MAESTRO II [46]. 

The process models V-Model [11], SSADM [29], and even ISO 12207 [36], 
when enacted, would also fall into this category. This has induced a con- 
siderable research and has gained considerable practical importance (cf. 
[30] [57] [11]), including standardisation efforts. A major problem is the dan- 
ger of procrastination of the developers, over-bureaucratisation and a poor 
interface to tools (cf. ADPS [2] [3] [14] [25]). In software engineering EPSS of 
this kind are often called ’process-centered Software Engineering Environ- 
ment’ [32]. For these EPSS the process model, usually derived from some 
develotoppment method, is central. The EPSS support the enactment of 
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such a model in the sense that for individual projects the process model is 
instantiated yielding an actual process. 

From the very beginning of administration in the early forms of temple ad- 
ministrations [45] [47] one needed on precise and clear prescription of proceed- 
ing - starting with religious ceremonies in pre-historical times. From these 
descriptions the processes to be performed have evolved and have instigated 
computer support for the enactment of the prescribed process. 

By necessity EPSS need both types of computer support, but the emphasis 
is different. Fig. 2 shows - from the domain of software engineering - the main 
tasks of an EPSS. 







Fig. 2. Concept of a SEE 



Above considerations can also be observed in the area of Office automation, 
where (cf. [48]) a distinction is made between ’workflow’ and ’groupware’. Otto 
Petrovic defines: ’’Groupware is a jointly usable environment which supports 
teams to fulfill their common tasks”. On the other hand we find: ’’Workflow is 
a system which completely defines, manages and executes workflow processes 
through the execution of software whose order of execution is driven by a com- 
puter representation of the workflow process logic” [59] . 

In the area of flexible manufacturing a distinction should be drawn between 
a manufacturing shop where several works produce some goods with the use of 
various tools and a flexible manufacturing cell where a precise control program 
controls all actions of tools, the intermediate storage and the robots [41,44,6]. 

3 Process-Centered EPSS 

For the rest of this paper we will concentrate on process-centered EPSS. It 
turns out that the emphasis and the need for support and control is different in 
different domains. 
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As already stated in other publications, the consequence is that the basic 
structure of for such EPSS is the same, the emphasis and the specihc design 
parameters differ, however [17]. 



3.1 Software Engineering 

In software engineering ( ’’The establishment and use of sound engineering princi- 
ples (methods) in order to obtain economically software that is reliable and works 
on real machines” [4]) the main driving objectives are productivity and quality. 
In the beginning activities occurring late in the software production where sub- 
jected to automation in a recursive way: using software (compilers) to produce 
instruction for the computer. Thus that part of software which controls the com- 
puter hardware is generated, not hand-crafted by humans (cf. FORTRAN [37], 
PL/I etc. Gradually more and more tools covered more and more of the pro- 
duction process, including earlier and earlier phases of the production process: 
CASE -computer aided software engineering. Complete software engineering en- 
vironments evolved [16] [32] [34]. Initially there were more and more tools added 
to the support environment. With the growing complexity and expansion of the 
activities included in the development process the need for a process model be- 
came apparent (e.g. [11] [14]). Various process models were proposed and even 
partially standardized (SSADM, ADPS; V-Modell, Merise, ISO 12207, etc.). 



3.2 Office Automation 

It is known that considerable productivity potential is still available via office 
automation. Large companies spent up to 50% on office costs, service oriented 
companies even up to 85% [55]. The current productivity increase in the office 
world is around 3 % which is not much better than the the learning curve. The 
current nature of office work does not allow too sophisticated tool to be employed 
- desk top publishing systems, calculators, automatic copying machines. 

A major saving can be found in three areas: 

- reducing transport delays by providing an electronic act which is moved in 
an network 

- eliminating transfer costs due to change of medium (from paper to computer 
to paper etc.) by providing one electronic medium for every user 

- eliminating the need for duplicating by providing all users with access to 
one and the same copy electronic copy. 

Especially the electronic transport of documents induced the idea to provide 
an automatic routing, ie.e. a work flow model, embodying the rules prevalent in 
many government departments with their strict order of routing documents. 

In this field we see less of the ’tool type’ typically for software development 
(CASE-tools). The equivalent of this would be the so-called groupware tools 
which, however, do not so much impress by their tool capacity but rather by 
the chance that everybody can access all information available to everybody 
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else, providing an environment for a group working together. In this area the 
emphasis is rather on defining the /low of work - the workflow., When considering 
office automation, we should bear in mind, however, the great potential to create 
completely new solutions. These solutions are invariably process-centered EPSS. 



3.3 Comparison of the Domains 

In the previous sections we have discussed two important domains of CBS. 
We have also shown the dichotomy between process-centered and tool-centered 
EPSS. Table 1 illustrates some of these differences. 



Table 1. Types of EPSS 





tool centered 


process centered 


software engineering 


SEE 


CASE-Tool 


office automation 


groupware system 


workflow system 



Despite the similarity of the underlying paradigm, these areas show consid- 
erable difference. We will discuss these differences from three viewpoints: 

attitudes and basic requirements What do users of the process expect of 
their roles and the behaviour of the system? 
analysis of key processes Based on an extension of Scheer’s Y [52] the most 
important processes and their main component processes are identified. We 
will discuss the importance and the impact of these processes in the various 
domains. This will also give an indication of analogously processes in the 
other domain. 

creativity Engineering is - at least it is claimed - a creative activity. But dif- 
ferent amount of creativity and in different areas is needed in the different 
domains. 



3.4 Attitudes and Basic Requirements 

In previous publications major differences with respect to the users’ attitude and 
expectations have been identified [19]. The main points of interest were: 

- The user’s role perception [8] in the process (from ’creative genius’ to ’rule- 
obeying slave’) 

- The purpose of the process (from ’helping humans’ to ’eliminating humans’) 

- The requirements on process documentation (from ’the result justifies the 
means’ to ’the journey is the objective’) 

- Security requirements and back-up needs over system crashes (from ’let’s 
just do it again’ to ’it will never be the same again’). 

- control over process observation (from ’very strict’ to ’very liberal’). 
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- The amount of parallel work within a process respectively the amount of 
independent parallel processes (from ’numerous lean processes’ to ’a few fat 
ones’). 

- The value and influence of creativity (from ’liberating from clerical drudgery’ 
to ’stifling creativity’). 

Table 2 identifies some key differences. 



Table 2. Attitudes towards EPSS 



aspect 


software engineering 


office automation 


user’s perception 


creative genius 


law-abiding clerk 


purpose of process 


supporting human 
information processing 


supporting human 
administration 


creativity 


fear of being oppressed 


freed to think of the 
essential 


process documentation 


result justifies the means 


the path is important 


Security requirements and 
back-up needs 


do not loose the creative 
contents 


do not loose the 
information about taken 
steps going 


control over process 


liberal 


very strict 


parallelism of processes 


a few large projects 


many small processes 



4 Analysis of Basic Processes: Refining Scheer’s Y 

The production of an industrial product is more than just an engineering effort. 
Numerous processes must assure that all ’accompanying processes’ are also per- 
formed correctly. For the CIM-area Scheer’s original Y (cf. Fig. 3, [52]) shows a 
simplified view of all departments involved. This ’Y’ can be considered to be a 
general description for all types of ’production processes’, be it for the production 
of material goods (’CIM’) for the production of immaterial goods (e.g. software) 
or for the creation of immaterial decisions etc. (e.g. work flow). It identifies three 
major domains of Computer Integrated Manufacturing: 

- a Production Planning and Control system (PPS), 

- a Computer Aided Engineering System (CAE) and 

- a Computer Aided Manufacturing System (CAM) 

If we want quality processes, then the Deming-model is a good starting point. 
Mirroring Deming’s improvement cycle means that we will have the four com- 
ponents as shown in Fig. 4. 

If a process is enacted there are actually several separate but intertwined 
processes needed. If we follow W.E. Doming [27] there are basically four steps for 
quality improvement. If we apply this to the processes involved in production 
we have to 
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Computer Integrated Manufacturing 



Product 
Planning + 
Control 




Computer 

Aided 

Engineering 



Computer 

Aided 

Manufacturing 



Fig. 3. Components of CIM (Scheer’s Y) 




Fig. 4. Structure of a process 



Plan We have to define the process we want to follow 

Do We have to perform the process. This includes providing all the necessary 
materials and information for a successful enactment. 

Check We have to control and check the enactment of the process. When the 
processes are enacted, their appropriate performance has to be controlled, 
introducing enactment control processes (cf. Fig. 6) and the various subpro- 
cesses of software engineering as described in ISO12207 [36] and ISO15504 
[38] 

Act This phase is concerned with feedback and prepares the process for the next 
iteration. For the time being we ignore this but we have to understand that 
is also an important part of the process, as especially the efforts in software 
engineering show [18] [23] [24]. 

For humans the distinctions is often not clear, large portions of the definition 
and steering process are often performed implicitly or even unconsciously. If such 
processes are subjected to automation also the accompanying processes have to 
be understood and enacted explicitly definition process for each of them, but 
this will not be further discussed. 

Applying this idea to Scheer’s Y we get a model of finer granularity. In 
the extended version we split the PPS process into two: A process concerned 
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Fig. 5. Deming’s improvement cycle 



with establishing a market for the intended product by acquiring/identifying 
customers and a process for providing the necessary raw material to perform the 
actual engineering process. We will soon see that these two part of the process 
will have different importance in the discussed domains. Thus as Fig. 6 shows we 
should consider four essential processes contributing to the overall process. One 
process defines the ’product’ to be produced, the other one is concerned with 
the demand for the product and as a consequence another process is concerned 
with providing the necessary material to produce the product, based on the 
information provided by the customer acquisition process. 



COMPUTER AIDED ENGINEERING 



Define 

customer Defining the 
suoply 




completed specification 



COMPUTER AfDED 
MANUFACTURiNG 



Fig. 6. Expanded Components of Scheer’s Y 
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In the sequel we will discuss the importance and influence of these processes 
for the three domains identified above. 



5 Matching Software and Office Antomation to the 
Extended Y 

5.1 Software Engineering 

The key question is which parts of a software engineering process (e.g. [15] [11] [10] 
are to be considered ’engineering’ and which are to be considered ’production’. 
If we look at the individual steps of a software development process as most 
basically depicted in Boehm’s famous ’Waterfall model’, cf. [9]) one can argue 
convincingly that most of the software development process is engineering a 
system. Thus at least the early phases could be parallelled with the CAE-branch 
of the ’Y’. 

Is there also a ’software production’ in the sense of manufacturing? Let’s 
start at the other end of the process. The preparation and distribution of the 
final copies of the developed software certainly is akin to ’production’. To answer 
that question we should investigate, what in the Y constitutes the boarder line 
between engineering and production: It is the complete construction documenta- 
tion allowing a appropriately trained engineer to build the desired product any 
number of times. In software the cut-over point would probably a document at 
the level of low-level design, pseudo-code or equivalent. Based on it one has to 
produce an enactable product and to distribute it according to marketing advice 
etc. 



5.2 Workflow 

Given the definition of workflow, an EPSS supporting workflow would look like 
Fig. 7. 

In the domain of office automation similar considerations as for software 
engineering are applicable. We could say that the main ’product’ of a work 
flow operation is the successful performance of a business process. The ’product’ 
of enacting some workflow procedure is some kind of document resulting from 
performing a business process. In many situations these are standardized routine 
processes like issuing a passport, certifying a state of affairs etc. In other cases 
more material has to be collected, like deciding on ordering some goods. 

For the standard cases where an essentially automatic procedure is performed 
the enactment should be equated to the ’CAM’ part of the ’Y’. In other cases, 
e.g. selecting tenders (cf. the software acquisition process described in ISO 12207 
[36]) it is often at first necessary to define the documents to be used for this 
process, thus ’engineering’ part of the end product. In this case a more or less 
large portion of the process would be associated with the CAE-branch of the Y. 
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Fig. 7 . Workflow Systems 



Table 3. Subprocesses in PPS 





Supply Process (PPS) 






Software Engineering 


Workflow 


Define 


The supply process is rather simple, 
the major problem is finding good 
engineers. In the late phases of a 
software project, the supply challege 
is to find additional personnel for 
coding, for testing, correction and 
integration. 


For Workflow the challenge is to 
express the desired business logic 
with an adequate representation 
enactable by the chosen workflow 
support system. 


Enact. 

Ctl. 


Given the simplicity of the supply 
process, control is not a major issues 


Given the simplicity of the supply 
process, control is not a major issues 


Enact. 


routine management activity 


routine management activity 



5.3 Mapping Workflow, Software Engineering and the Extended Y 



Tables 3, 4, and 5 comment the processes shown in Fig. 6. 

While the original description of CIM by Scheer’s famous ’Y’ demonstrates 
the need for integration of production, it cannot be directly applied to software 
development or office automation. Both the original concept and our exten- 
sions restrict themselves to process-centered work. There is another large (and 
growing) domain where support systems typically help people perform their job 
without a predefined process. In the area of office automation this is covered 
by the concept of groupware. This dichotomy has to receive special attention. 
It seems that in software engineering it is rather apprarent by the gap between 
integrated CASE-tools and Process models [22]. 
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Table 4. Subprocesses in CAE 





Engineering Process, CAE 






Software Engineering 


Workflow 


Define 


The choice of the ’correct’ 
development process is of major 
importance [35] [20] [51] The ’correct’ 
engineering process is still a major 
discussion point for theoreticians and 
practitioners. Methods and 
approaches still largely in flux. Often 
a different process is used for each 
project. 


It seems that in the business world 
the options do not diverge 
considerably. There exist several 
well-established methods to express 
and record business processes 
[53] [54] . Also the necessary 
components and their interplay are 
largely understood. 


Enact. 

Ctl. 


cost, deadlines, quality and 
development risk still largely out of 
control. Current attempts at 
capability assessments (]35][38] are 
still largely under discussion 


Business has a tradition of controlling 
business processes, so theoretically 
there is not too much divergence. 

The challenge is to use EPSS to 
speed-up and optimize this control 
especially in view of economy, speed 
and globalisation, e.g. e-commerce. 


Enact. 


Due to the difficulties in definition 
and enactment control the actual 
engineering process is also wrought 
with problems. In many situations 
pseudo-creativity and ad-hocism win 
over orderly engineering principles. 


The enactment has the challenge of 
using the chances modern 
information and communication 
technology 



6 Conclusion 

Software Engineering and Office Automation implement currently a very sim- 
ilar paradigm: Helping professionals to perform a better, more effective and 
more productive job by providing these professional with Electronic Performance 
Support Systems (EPSS). This similarity implies similar ways to implement an 
EPSS. There are, however, essential differences which warrant different designs 
and implementation, but still allow cross-fertilization of these domains. The pa- 
per tried to show that many of the concepts developed in one domain of the 
Information and Communication Technology-world carry - mutandis mutatis - 
to other areas. 

In this paper extend the discussion of EPSS into various directions: 

- Providing a more fine grained description of the individual processes (split- 
ting them into ’definition’, ’enactment’ and ’enactment control’). Retrospec- 
tively it seems useful to define also a supply process for engineering process, 
providing things like personnel, methods etc. 

- We have discussed the mapping of both software engineering and office au- 
tomation onto the original concept (CIM). It turned out that the interesting 
parts of software engineering cover essentially only the CAE-branch. For 
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Table 5. Subprocesses in CAM 





Production Process (CAM) 






Software Engineering 


Workflow 


Define 


Most of the decisions are actually 
made in the engineering phase. It 
remains to define the sequence in 
which generation of code and testing 
is to be performed. 


No large difference to defining the 
’CAE ’-process can be found. 


Enact. 

Ctl. 


Major problems result from errors in 
previous phases (Engineering 
process) which cause unexpected 
rework and design changes. The 
introduction of quality processes and 
the attempts to measure and improve 
the capability of a software producing 
organisation try to bring this phase 
under management control 


Given an appropriate work flow 
environment most of the control is 
performed by the system. 
Introductory problems arise from a 
shifting of tasks (e.g. transport effort 
is greatly reduced, initial preparation 
of electronic documents needs 
additional work power [56]). 


Enact. 


To some extend automatic generation 
of the final product from design 
documents is available. The rest is 
mostly human work, thus error prone 
and not fully predictable. 


not much difference to the 
Engineering process exists, since in 
the ’production phase’ only less 
freedom of creating documents etc. 
can be noticeds. 



workflow the mapping to either the CAE or the GAM branch depending on 
the flexibility /predictability of the process to be performed. But it seems that 
this is more a matter of definition than of inherent difference. 

- We have also compared the attitude of team members when being supported 
by an EPSS. We have argued that - despite the overall similarity of the 
paradigm - there are significant differences in the domain of workflow and 
of software engineering. 

The growing competition, globalisation and integration forces us not only 
provide computer support for all these activities via EPSS but also to consider 
merging and assimilating such environments for a seamless industrial operation. 
With this aim in mind this paper tries also tries to shed some light on the 
difference of automating software engineering versus office work. 
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Abstract. In the software development process ideas and objectives are 
evolved into semiformal and formal representations allowing later execu- 
tion of the system on a computer. Knowledge about the system is re- 
presented in various forms (e.g., natural language, UML models, source 
code, etc.). The evolutionary change of knowledge representations is a 
challenging issue. In this paper we propose a framework applicable to 
the elicitation and evolution of requirements in the software engineering 
process. We discuss architectural considerations for supporting tracea- 
bility between artifacts of different CASE tools and present a partial 
implementation of the approach. 

1 Introduction 

In the software engineering process knowledge about the system to be develo- 
ped is gathered and evolved using different representation mechanisms. Informal 
representations based on natural language are suited to involve non-technical 
stakeholders early in the life cycle. Semiformal representations which clearly 
establish syntactical rules and formal representations establishing syntactical 
and semantical rules are used mainly by technical stakeholders to design and 
develop the system (e.g., the UML class model, UML behavior model, a Java 
class). Our research interest is how knowledge can be represented and evolved 
integrating different representation mechanisms. 

The inherent iterative and evolutionary characteristics of software develop- 
ment have led to the development of iterative and evolutionary life-cycles models 
[5,16]. However, modelling methods and tools supporting these processes often 
do not support evolution, i.e. they do not consider the inherent evolution of the 
produced models. As a result we are often lacking ’’connectors” between different 
methods and tools used in the life cycle. 

The following scenario illustrates the discussed problems: A system analyst 
creates a UML Use Case Model, based on system requirements captured in 
natural language. The model contains instances of the UML artifacts Actor and 
Use Case, related by generalisations and associations. After finishing the Use 
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Case Analysis a designer creates class models and state transition diagrams 
(STD) based on the Use Case Model. Some of the use cases will be evolved 
into class methods, which may be used as events in the STD. Later in the 
process the system analyst discovers that some assumptions in the use case 
model do not hold. So the designer has to create a new variation of the class 
model based on the new assumptions. In doing this, she has to take into account 
the dynamic, evolutionary constraints between artifacts of the Use Case model, 
the class model and the behaviour model (STD); i.e. a class should not be deleted 
if it corresponds to some use cases, the name of a method should not be changed 
if it participates in an event, . . .The designer has to reconsider the models to 
produce a second version that considers the changes of the system analyst and 
maintains the coherence and integrity to her own models. 

Although most CASE tools partially ensure the required integrity checks, a 
systematic approach does not exist and the lack of compatibility and communi- 
cation between different methods and tools is evident. This becomes especially 
true if we scale this scenario to multiple technical and non-technical stakehol- 
ders using multiple representations. Especially in the early phases of software 
development a semantic distance between requirements and architectures exists. 
The semantic distance and mismatch between tools decreases in later phases of 
the life-cycle, probably due to the similarity of concepts used (e.g.. Round-trip 
engineering between UML models and 00 languages). 

We selected the requirements engineering process to investigate the problems 
discussed above. The elicitation of requirements relies on successful involvement 
and interaction of multiple stakeholders and usually adopts natural language to 
represent knowledge. Evolution of informal knowledge on the one hand requires 
the ability to automatically transform representations into different represen- 
tations. On the other hand we need to trace the path of evolution for certain 
semantic constructs. 

This paper is structured in the following manner: Section 2 describes a case 
study we carried out to gain a better understanding of the challenges and issues. 
Section 3 presents a framework addressing the problems. Architectural conside- 
rations for interoperating software tools are proposed in Sections 4 and Section 5 
demonstrated a partial implementation. We finish with conclusions and further 
work in Section 6. 

2 WinWin and UML: A Case Study 

In a previous experiment described in [14] we used the WinWin negotiation 
model [4,5] and the Unified Modelling Language (UML) [15] to capture, elicit and 
evolve requirements for a student registration system. Our process was organised 
in three steps carried out iteratively (see Fig. 1). Users and developers were 
involved in the negotiation stage. Requirements and System Engineers carried 
out the modelling stage. 

’’Negotiation” We captured and negotiated the requirements using the Win- 
Win groupware tool involving success-critical stakeholders like customers, 
users, and developers. 
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Fig. 1. Stages in the RE Process 



”To-Be-Determined” After the initial negotiation process a Requirements 
Engineer analysed the negotiation results and identified open issues and 
problems captured in TBD artifacts (see Fig. 3). 

’’Modelling” The WinWin artifacts were then used together with the TBD 
artifacts to develop a model of the system using UML. 

The major conclusions of this experiment can be summarised as follows: 

Iteration and Evolution: Work products evolve based on previously achieved 
results. The requirements engineering process can be characterised as an 
iterative and evolutionary process [3,5,12,13]- While the WinWin system [5] 
improves the identification and negotiation of requirements, the transition to 
architecture and design (expressed in semiformal and formal representations) 
is still based on intuition and experience. 

Importance of informal, ’’lightweight” approaches: In order to involve 
stakeholders inexperienced in system modelling and computer technology 
we have to adopt easy to use mechanisms to facilitate the interaction. The 
process should be performed intuitively benefiting from the semantic power 
of natural language. Crucial decisions in the process should be preserved to 
be available in further stages and projects. 

”TBD” activity: Requirements captured in natural language can be evolved 
into a more formal representation through structuring and consolidation. 
This step also raises further issues and problems in the requirements and 
allows the establishment of useful links supporting traceability. Identified 
problems and links can be used in further refinements of the specification or 
in case of changes to the specification (design problems, maintenance, . . . ). 
Multiple views are required to involve technical and non-technical stake- 
holders and to re-negotiate the problems discovered by the requirements 
engineer during TBD to get a complete and consistent set of requirements. 
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3 Framework Characteristics 

The previously described Requirements Engineering process involves multiple 
stakeholders, modelling languages, and tools. A framework useful to address 
evolution in the Requirements Engineering process should be based on such an 
iterative process and augmented with additional concepts supporting an ope- 
rational management of evolution. In this section we describe the terms used 
throughout this paper using examples from the case study and show how our 
framework addresses static and evolutionary relationships as well as traceability 
and translatability. 

3.1 Terms 

Modelling language (representation language) Symbols, syntactical and 
semantical rules used for the elaboration of models. Examples: Unified Mo- 
delling Language, Win Win negotiation model 
Model A representation of a system using a modelling language. Examples: 
UML class model for Project X, Win Win negotiations for Project X 
Meta-model A model elaborated in a modelling language defining a set of 
meta-artifacts and -relationships. A meta-model defines the items available 
in a modelling language. Examples: WinWin negotiation model in UML, 
UML meta-model defined using UML 

Meta-artifact A class of item used in a modelling language. Examples: ’’Use 
Case”, ’’Actor”, ’’WinCondition” 

Artifact Instance of a meta-artifact. Examples: ’’Register for class”; ’’Student”; 
’’Response time < 10 seconds” 

Notation A set of graphical symbols used to depict meta-artifacts and - 
relationships (e.g., arcs, icons, lines, . . . ). Examples: Rectangle to depict 
a UAIL class 

View A subset of a model depicting a certain system aspect. Examples: UML 
Use Case Diagram ’’overall use case diagram”; WinWin Rationale View for 
project X 

Tool Software capability supporting a notation and modelling language. Exam- 
ples: UML CASE tool; WinWin Groupware Tool 
(Intra-)model evolution Modifications of a system model using the same lan- 
guage (meta-model) resulting in a new version of a model. Example: Evolve 
domain class model version 1 to domain class model version 2. Typical model 
evolution operations are replace artifact, create new artifact version, delete 
artifact, or modify artifact. 

Inter-model evolution Modifications requiring a change of the language 
(meta-model). Example: Use Case model developed based on WinWin agre- 
ements. 

Intra-model relationships Relationships between the meta-artifacts of a mo- 
delling language. Examples: Issue — >■ WinCondition, Actor — >■ Class 
Inter-model relationships Relationships between meta-artifacts used in dif- 
ferent modelling languages (see Fig. 1). Example: WinCondition describes 
UseCase 
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We have to stress that the meta-level is always relative, and an infinite meta- 
meta-. . .may exist. We consider only two levels. Following the naming conven- 
tions described above we have to use the term meta-relationship instead of rela- 
tionships, but we preferred to simplify the presentation. 

Intra-model relationships are internal to a modelling language (tool). Inter- 
model relationships are partially language/tool independent and are our main 
interest. We distinguish static and evolutionary relationships. 



3.2 Static Relationships 

Static inter-model relationships link meta-artifacts of different modelling langu- 
ages. As they are time-independent we describe them in a static meta-model 
(SMM) not considering evolution. 



Identified stakeholders 




Fig. 2. Static top level meta-model 



The UML Class Diagram in Fig. 2 shows main superclasses and static inter- 
model relationships. Each superclass corresponds to one stage of the case study 
process (Neg: WinWin Negotiation; TBD: To-Be-Determined; SME: UML Mo- 
delling). The class Neg represents the super class of the meta-artifacts used 
during the negotiation process. Each meta-artifact can have the following asso- 
ciations: 

describes implies that a modelling artifact is explained by a negotiation arti- 
fact. 

appearsJn shows a problem detected in a negotiation artifact during the TBD 
stage 

solvedJn shows a problem detected in a negotiation artifact which has been 
solved in other negotiation artifact. 
related_to links a problem to an SME artifact. 

These relationships are established during the TBD activity to create links 
between artifacts of different languages/tools. During the experiment we identi- 
fied major subclasses of TBD (Fig. 3): 
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Incompleteness indicates that insufficient information about a SME artifact 
has been specified during the negotiation process. 

Conflict describes a constraint about a SME artifact existing between specifi- 
cations made in different NEG artifacts. 

Unsolved problem describes an open question about a SME artifact requiring 
further (re-)negotiation. 




Fig. 3. TBD Meta-artifacts 



Although we consider these classes as part of the SMM, as they do not impose 
restrictions on the evolution of the different artifacts in the different models they 
are very important in supporting the evolutionary process. Unsolved problems 
imply the need for further iterations in the Negotiation, TBD and Modelling 
activities. These artifacts are therefore evolutionary from the point of view of 
the process although not evolutionary from the point of view of the obtained 
products. 



3.3 Evolutionary Relationships 

The objective of the evolutionary meta-model (EMM) is to describe how meta- 
artifacts specified in the SMM can evolve depending on the inter-model and intra- 
model static relationships. Each meta-artifact is associated to a state transition 
diagram showing possible and allowed transitions depending on the state of the 
artifact in the course of development. We use UML State Diagrams to express 
the life cycle of these meta-artifacts as they allow us to express parallel states. 

The behaviour of the meta-artifacts proposed in the SMM can be modelled 
in three parallel substates: NEG substate, SME substate and TBD substate. For 
each meta-artifact its corresponding substate is empty and has to be specialised 
at the subclass level. 

An example for NEG class is shown in Fig. 4. The NEG class has the parallel 
substates SME and TBD. The concrete state of an artifact will depend on the 
established relationships in the SMM. 

The NEG substate needs further specialisation in subclasses of NEG (see 
Fig. 5). Internal dynamic relationships are therefore defined inside and between 
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Fig. 4. Substates of Negotiation Meta-artifacts 




Fig. 5. States for Meta-artifact WinCondition 



the internal artifacts of a tool, i.e. they are a intra-tool concern. External dy- 
namic relationships are being modelled using the external static relationships, 
i.e. they have to be modelled when tools communicate. This absence of coupling 
between external and internal relationships, due to the hiding of the internal 
relationships, allows a separation of concerns and supports tool interoperability 
(see Section 4). 



3.4 Traceability 

Traceability refers to the ability to follow the evolution of an artifact in both 
a forward and backward direction and is important for intra-model evolution 
as well as inter-model evolution [7]. Traceability allows following an initial idea, 
through its development and specification, to its subsequent deployment and use, 
through periods of on-going refinement and iteration in any of these phases [9]. 
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Table 1. Examples for Traceability for WinWin and UML with Traceability Attributes 



WinWin artifacts 


Accuracy 


Completeness 


UML artifact 


WinCondition W17 
WinCondition W12 
Option 04 


Partially 

Largely 

Fully 


Partially 

Fully 

Largely 


Class ’’Student” 

Use Case ’’Register for Class” 
Deployment Diagram ’’Deployment” 



In our framework traceability is addressed by user established links describing 
relationships detected during the TBD stage (e.g., WinCondition — >• Class). The 
analyst is responsible to specify the links, there is no automatic conversion, 
however typical trace paths are known (e.g., WinCondition — >■ Issue — >■ Option 
— Agreement — >■ Use Case — >■ Class). 

In the case study traceability has been addressed through the association 
describes between NEC and SME classes. We improved the semantic value of 
these simple associations by using further attributes to describe the links to 
specify the degree of ” mapping” . An example is given in Table 1 using the 
attributes completeness, accuracy, and a simple scale (fully, largely, partially, 
not). 



3.5 Translatability 

Translation, in a general sense, means the transformation of a model from one 
language to another. The notion of translatability implies the degree of achie- 
vable translation between the concepts of two languages. In our case, we reduce 
the concepts managed to the meta-artifacts used in the modelling language, so 
translatability can be defined as the degree of semantic equivalence between 
the meta-artifacts of two modelling languages. This is important for inter-model 
evolution. Beyond traceability translatability allows to establish more specific 
relationships that are be defined by the user as ImplementedJjy, IncludedJn, 
Referenced-by, . . . also using scaled attributes. We need to establish a-priori 
mappings of semantic equivalence and specify links in advance to describe known 
possible mappings between meta-artifacts of modelling languages. Translatabi- 
lity can be achieved in two ways: 

Manually During the TBD step specific qualifications of the describes rela- 
tionships can be used to improve the semantic value of this relationship. 
This can be achieved using an ontology (thesaurus) allowing the definition 
of semantic equivalence between items. This step and the relationships esta- 
blished depend on the objectives of the modeller and of the tools involved. 
An ontology should be provided for each pair of tools/models in order to 
characterise the describe relationship. Examples are the qualifications Inclu- 
dedJn, ReferencedJjy, Is-Kind-Of, . . . 

Automatically Later converters can be built based on the mapping for auto- 
matic conversion. Mapping between instances of tool meta-artifacts (Artifac- 
tInstanceTool2 can be created based on ArtifactInstanceTooll). The conver- 
sion is not bi-directional and often partial. Examples are the qualifications 
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Table 2. Examples for Translatability for GroupSystems and UML with Attributes 



Tooll 


Meta-artifact 1 


Trust 


Tool2 


Met a- art if act 2 


GroupSystems 


Use Gase 
Analysis Level 2 


Fully 


UML 


UseCase 


GroupSystems 


Included in 


Fully 


UML 


Use Case 


UML Tool 


Actor 


Largely 


UML Tool 


Class 


GroupSystems 


WinWinTree 
Level 2 


Fully 


UML 


Class: 

stereotype 

WinCondition 



Implemented- by (UML Class — >■ C++ class), Extractedjrom (C++ class — >■ 
UML class). 

Both approaches can be mixed if the ontology defines the qualifications and 
the possibilities of automatic conversion. Table 2 shows some examples for 
translatability taken from the initial implementation of our approach relating 
artifacts in the GroupSystems negotiation system and artifacts of the UML 
(see Section 5). 



3.6 Framework Generalisation 

The framework previously described implies a negotiation activity/language, a 
system modelling activity/language and an intermediate step called TBD. Fig. 6 
depicts a generalisation of this framework to any kind of tools and modelling 
language used during the software development process. In this generalisation 
the TBD step/tool is considered as another tool. Its aim is mainly to support 
the process of transition from one tool to another showing the general problems 
that should be further investigated. This role cannot be assigned to any usual 
CASE tool because they do not manage transitions. The main ideas in Fig. 6 
are: 



— The Meta-artifacts of different tools can be related by an association, which 
is qualified by a LinkSpecifier. This Specifier determines the traceability 
and translatability properties of the link. Artifacts of different modelling 
languages and tools can be traced and translated following the link specifiers. 

— Each Artifact is simultaneously in different parallel states, belonging to 
the EMM of the association between TooLMetaArtifacts, i.e. each pair 
of TooLMetaArtifact will have an EMM determining the allowed sta- 
tes/transitions of its corresponding artifacts (instances). 

Although this generalisation needs for further research is very interesting be- 
cause simplifies the framework and includes the possibility of linking different 
tools by means of the establishment of the LinkSpecifier and the EMM. Espe- 
cially, we have to test if the EMMs for each pair of meta-artifacts are always 
symmetric: not-udopted/not-adopts; adopted/adopts. 




A Framework for the Elicitation, Evolution, and Traceability 



403 




EMM 



Fig. 6. General Traceability/Translatability Meta-Model 



4 Architectural Considerations 

Based on our proposed framework we discuss some basic interface requirements 
for tools to support synchronisation and maintaining consistency in evolutionary 
development. Existing approaches for method and tool integration use one the 
following approaches or a combination of them: 

— Interchange formats like CDIF [6] or XMI [18]: While these approaches sup- 
port the exchange of models between different tools there is no support for 
the evolution of meta-artifacts. 

— Meta CASE technology [2,10,14] supports customisable meta-model and cu- 
stomisable notation to develop or enhance modelling approaches. Although 
the construction of new tools integrating different modelling languages is 
possible (cf. [14]), the problem is the difficult integration of existing tools. 

— Repositories like Softlab’s Enabler [17] or the Microsoft repository [11] pro- 
vide a ’’database” for software engineering artifacts. Such environments sup- 
port a customisable meta-model and provide multiple ways to access artifacts 
to provide basis for a tool suites. 

There will be no universal semantics covering all combinations of tools. We 
prefer ad-hoc correlations between pairs of modelling languages and a general 
framework to cover further ad-hoc developments. Our approach towards realisa- 
tion and implementation could be called ” agent-based” supporting the following 
characteristics [1]: 

— Connect independent tools through minimal interface and keep knowledge 
in the tools 
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— Build transducers and wrappers to tools (’agentification’ [8]) 

— Adopt standard communication mechanisms (COM, KQML) 

— Adopt standard interchange format (XML, KIF) 

— Use facilitators for coordination and interaction of tools 

Intra-model relationships and dynamics are private to each tool (see Fig. 5). 
External tools do not need to know internally handled relationships and states 
of an artifact. Each model/tool needs to know the use/realization of its artifacts 
(inter-state). Consequently each artifact has two parallel sub-states: The intra- 
state handled by its tool and the inter-state which should be public. In this way 
the required ’’API” can be kept small and writing tool wrappers is simplified. 

What does this architecture imply for the design of the tools? They should be 
prepared to ask if one of its internal operations is allowed by an external future 
agent: e.g. to delete an artifact in WinWin the external agent should verify the 
external state of this artifact. Probably the kind of operations which require 
these queries are operations related with the identity of the artifacts (creation, 
deletion, renaming, . . . ) and general problems. Furthermore, the tools should be 
prepared to export its artifacts. 

5 Implementation 

We have partially implemented the concepts in order to: 

— Test and refine the framework: Obviously, the framework should be instan- 
tiated for different representation instruments, taking into account the li- 
mited possibilities of translation between tools supporting different levels of 
granularity and, in most cases, different semantic constructs [14]. 

— Explore architectures: Evaluate state-of-the-art mechanisms (like COM and 
XML) to support tool interoperability as discussed in Section 4. 

— Explore traceability and translatability between informal and formal repre- 
sentations: As pointed out before it is very difficult to establish semantic 
equivalencies due to the semantic gap between the meta-artifacts managed 
in the first stages of the software development. We believe that an adequate 
traceability mechanism is necessary to bridge these first phases. In further 
software development steps (design, implementation, test) more precise se- 
mantic equivalencies can be established defining new association between 
the involved meta-artifacts. For instance, between design and implementa- 
tion meta-artifacts: Implemented-by and Implements. 

— Improve stakeholder interaction: We replaced the WinWin Groupware tool 
used in the case study to explore the application of a Group Support Sy- 
stems (CSS) to improve stakeholder involvement and interaction in Software 
Engineering and to provide support for WinWin related activities. The CSS 
Ventana GroupSystems supports group activities like idea generation, cate- 
gorisation and prioritisation. This commercial package has been tailored to 
support WinWin related collaborative activities like gathering and elicitation 
of system requirements, categorisation and prioritisation of requirements, de- 
velopment of taxonomies, negotiation and conflict resolution following the 
WinWin approach, and the development of use cases. 
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Fig. 7. Architecture 



Fig. 7 shows the major elements the tool suite. The EasyWinWin integra- 
tor allows to establish traceability links manually and to initiate translations 
between WinWin artifacts in Ventana GroupSystems and UML artifacts in the 
Rational Rose CASE tool. 



6 Conclusions 



Given the available number of approaches and the differences in formality bet- 
ween modelling languages and tools we think that bridging gaps is often more 
important than inventing new approaches. The work shows that translatability, 
traceability and evolution using different modelling approaches is feasible. It 
is influenced by the degree of formality and the possibility of establishing se- 
mantic equivalence between modelling approaches. Semantic equivalence can be 
established in an intermediate step by an engineer familiar with the modelling 
approach and the domain using adequate computer-based tools. 

We believe that frameworks integrating different ways of representing kno- 
wledge are useful in the system development process. Such bridges support an 
iterative and evolutionary development process, and help to integrate different 
stakeholders (users, developers, . . . ) by providing different views on the evolving 
model. 
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Abstract. In this paper we propose a new combinatorial optimization method 
for parts matching in a precision assembly system. This method combines 
selective assembly with micro machining so as to produce high precision 
assembled units. From the simulation results, it is presented that the system is 
effective in a small lot production, where higher assembly rates can not be 
attained with conventional methods, in such that a higher rate is obtained if 
micro machining is used alongside. 



1 Introduction 

With selective assembly based on the combinatorial optimization method, a 
combination of parts is optimized so that high quality assembled units are obtained 
in a lot unit at the maximum assembly rate while dimensions of each part are 
referred to appropriately[l-4]. The assembly method proposed in this study 
combines selective assembly based on a combinatorial optimization method with 
micro machining so as to produce high precision assembled units. This method is 
applied to the high precision assembly system where hole parts are combined with 
shaft parts. Further, micro machining used for the correction of the dimensions of 
the parts is taken into consideration during the optimization of the parts 
combination, and it is attempted to verify the performance by simulation. 
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© Springer-Verlag Belin Heidelberg 2000 




408 



Y. Yamada et al. 



2 A Precision Assembly System Using Selective Assembly and 
Micro Machining 



This system consists of (1) a diameter measuring instrument by which the hole 
diameter of the hole parts and the shaft diameter of the shaft parts D^j (mm) are 
measured, and stored together with part numbers i and j, (2) a computer through 
which the optimum combination of the parts is determined by way of the 
combinatorial optimization method while parts’ data are referred to in a lot unit (lot 
size N), (3) a micro machining equipment by which the shaft diameters of the shaft 
parts at assembly are corrected so that the optimum combination may be obtained 
according to the instructions given by the computer, and (4) a selective assembly 
equipment by which combination target parts are selectively assembled according to 
the instructions given by the computer (Fig.l). 



Diameter measuring 
Hole parts instrument 



Selective assembly 
equipment Units 



a 


a 


-►a--aa-^ 

><rA X 


[a 


[>[>-► 









Micro machining 
equipment 



Parts’ data 



8 



Computer 



[a [a [3 



Fig.l. A precision assembly system using selective assembly and micro machining 



3 Micro Machining 

Micro machining used in this study is such that the parts to be machined are 
immersed into a tank of etching solution containing ceramic particles, and ultrasonic 
vibrations are applied for the sake of micro machining. This is to allow fine 
corrections of the dimensions so that the shaft diameters of the shaft parts may 
become suitable for the hole parts of objects to be combined while masking is 
provided for the plane not to be machined. 

With this method, the dimension of machining 8*(ji*rr)is proportional to the time 
of machining 

t (min) and is expressed as follows using the machining rate a ('itminin). 

8 = a ■ t (1) 

The limit of machining dimensions by which the quality of the micro machined 
plane is ensured is referred to as 8**, and machining dimensions are determined 
within the range of 0 <*8 <*8 . 
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4 Combinatorial Optimization Method 

Units are assembled by such a combination of the parts that at the time of assembly 
a clearance of meets with the following assembly rule. 

Ci<Qj<Cu ( 2 ) 

where Q is lower limit of allowable clearance and Cu is upper limit of allowable 
clearance. Here we refer to N sets of Dhi and Dsj . When micro machining is applied 
to shaft parts, shaft diameter correction is possible up to Dsj -2S as far as Dsj is 
concerned, and the assembly rule can be expressed as follows. 

Cl-2S*<Qj<Cu (3) 

In general, a variety of combinations of parts by which the number of assembled 
units reaches a maximum (maximum matching). Therefore, further considerations 
will be given to quality optimization of the assembled units. Difference of clearance 
Cj j and ideal clearance Q (= (Q +Cu)l2) (hereafter referred to as clearance 
difference) will be used as the index for quality of the assembled units. Among the 
clearance differences of the assembled units fulfilling the condition of maximum 
matching, there are some minimax matchings by which the maximum clearance 
difference becomes minimal. So, least square-sum minimax clearance is further 
obtained under the minimax condition and is referred to as least square-sum 
minimax matching. 

As shown in Fig.2, two methods are available in which micro machining is taken 
into consideration for the optimization of the combinations. 

Matching procedure-1 




Matching procedure-2 




OM : Optimal matching 
MM : Micro machining 
SA : Selective assembly 



Fig. 2. Matching procedures 
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Optimal matching- 1 and Optimal matching-2 are, respectively, defined as follows: 



(1) Optimal matching- 1 
Minimize 



(max L-d/.Z mj+N-{ {Cv~C,) / ifiN-Y. Z U 

^^-^^J-^'^CL<Cij<CU CL<Cii<CU 






CL<Cij<CU 



subject to 



Lij= 



where 



fCo-C/ 



□ C^Qj<Cu 

□ otherwise 



,N), ,N),n,={Q,\){i,j=\,--- ,N) (4) 



(2) Optimal matching-2 



Minimize (max L,j) "-Z ZD,y+n •{ {Cu-Cd 12+28*}^- (D-Z Zn.-y) + Z Z A/ -no' 

CLU2S* < C i ]< CU r-i ^ r- - ■ ^ r-ji ' ^ 



CLU28*<Cij<ClJ 



CLU2S*<Cij<CU 



subject to 



Lij= 



where 



UCl-28 <Q.<Cu 



Cij-Ci 

□ • {(Cv-Cl) 12+28 * } □ otherwise 



Zn„=i (/=!,■ -sA^), Zn-,=1(7=1,'",A^), □„={o,i}(/,i=i,---,A^) (5) 

In the case of optimal matching-2, micro machining dimension <5/ to be applied to the 
shaft part j is obtained from the following equation. 8j is designed so that the 
clearance after the machining may not exceed the ideal clearance. 



^ J {CiUQj)I2,C,-28*<QPCl 

^ (5* , Cl- 2S* ^ij<C I-2S* (6) 

The number of assembled units m is given by 
n Optimal matehing-1 , 

CL<Cij<CU 

'L'E^ij □ Optimal matehing-2 . (7) 

CL^2S*<CiJ<CU 



Using m, the assembly rateD is given by 

p = m/N . 



( 8 ) 
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5 Simulation 



We examine a numerical example with the parameters given in Table 1. The 
distributions of Du and Dg are, respectively, assumed to follow normal distributions. 
Performance of the two matching procedures are compared for lot sizes between 5 
and 100 in the Monte Carlo simulation (the number of simulations is 1000 in each 
lot size). The result of the example simulation is illustrated in Fig. 3 to Fig. 5. 



Table 1. An example problem 



Dh 


iV(8.4990, 0.0015^) mm 


Ds 


iV(8.4945, 0.0015^) mm 


Cl 


4.0 |dm 


Cu 


5.0 )j,m 


a 


6.0 {dm/min 


8* 


10.0 )j,m 



It is noticed from Fig. 3 that as for the mean assembly rate, the larger the lot 
size, the more combinatorial matchings become available. When both selective 
assembly and micro machining are used, higher mean assembly rates are attained 
even when the lot sizes are small as shown. Effectiveness of this system has thus 
been revealed. 




5 10 20 

N 



50 



thatching procedure-2 
(All assembled units) 



IsJatching procedure- 1 
(All assembled units) 



' Afttching procedure-2 
(Assembled units with 
micro machined parts) 

h^atc'hing procedure- 1 
(Assembled units with 
micro machined parts) 

hatching procedure 
100 without micro 
machining process 



Fig. 3. Relationship between p and N 




412 



Y. Yamada et al. 



In Fig.4, many assembled units with a clearance close to the ideal clearance are 
obtained within the assembly rule. The frequencies of the assembled units being 
micro machined are concentrated at the center of the assembly rulp 






Matching 
procedure- 1 


Matching 

procedure-2 


Units with 

micro machined parts 


■ 


■ 


Units without 
micro machined parts 


□ 


□ 



Fig.4. Distribution of C (iV= 100) 

In Fig. 5, the maximum micro machining dimension by matching procedure-2 is 
3.5pm which is almost 1/3 of the 10.0pm of matching procedure-1. The micro 
machining used in this study has the distinctive features that the machining of all 
shaft parts subject to the machining can be started at once and that the machining 
time is determined depending upon the maximum machining dimension. Short 
machining time is preferable from the viewpoint of a reduction of scattering of the 
quality of the micro machined plane. It can be said from the above that matching 
procedure-2 is superior to matching procedure- 1. 



100 

sS 

^ 80 

I 60 

cr 

4= 40 

0 

1 20 
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Fig. 5. Distribution of Smd t (Y=100) 
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6 Conclusions 

A high precision assembly system based on the combination of selective assembly 
and micro machining through a combinatorial optimization method is proposed. The 
quality of the assembled units is optimized while preserving the maximum assembly 
rate taking micro machining into account. The following findings are obtained by 
simulating combinatorial optimization methods of parts. 

(1) This system is effective in a small lot production, where higher assembly rates 
can not be attained with conventional methods, in such that a higher rate is 
obtained if micro machining is used alongside. 

(2) With the combinatorial optimization method for parts where micro machining is 
taken into consideration in advance, maximum micro machining dimension and 
maximum machining time of the parts can be greatly reduced and the number of 
assembled units close to the ideal state is increased. 
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Abstract. The assembly of complex microsystems consisting of several single 
components (i.e. hybrid microsystems) is a task which has to be solved to 
make mass production of microsystems possible. Therefore, it is necessary to 
introduce flexible, highly precise and fast microassembly methods. In this 
paper, the control system of a microrobot-based microassembly desktop 
station that has been developed at the University of Karlsruhe, will be 
presented from the lower to the planning levels. This comprises vision-based 
closed-loop control, user interfaces, a re-configurable computer-array, 
execution planning and assembly planning algorithms tailored to the needs of 
the microassembly station. 



1 Introduction 



The slow adoption of microsystem technology (MST) by industry has made it clear 
that many problems exist in mass-producing microsystems. Most batch processes 
are rarely applicable for the production of complex microsystems which consist of 
microcomponents made of different materials and which are manufactured using 
different techniques. This means that individual components must be very exactly 
assembled in one or more steps to form the desired microsystem. The 
microassembly systems which exist today are usually only fit for a specific task and 
depend on the manual agility of an operator or consist of microassembly robots with 
conventional drives which are extremely expensive and are due to mechanical wear 
and frequent maintenance. With increasing workplace miniaturization, however, it 

becomes more and 
more difficult to use 
conventional manipu- 
lation robots for 
assembling micro- 
systems. The manipul- 
ation accuracy is 
mechanically limited 
for conventional 
robots, since disturb- 

Fig. 1. Mobile micro-manipulation robots ing influences which 
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are often negligible in the macro-world, such as fabrication defects, friction, thermal 
expansion or computational errors, play an important part in the microworld. The 
next point is that the positioning accuracy and the tolerances of the microcompo- 
nents lie in the nanometer range, a few orders of magnitude smaller than in conven- 
tional assembly. These accuracy requirements can be obtained with microrobots 
having highly precise direct drives utilizing MST and advanced closed-loop control. 
A microrobot-based desktop station may offer the desired features and versatility. 



2 Concept of a Microassembly Desktop Station 

The concept of an automated microassembly desktop station, in which 
microassembly tasks can be executed using a closed-loop control approach, has been 
developed at our Institute. Each robot currently used in this station is equipped with 
a piezo-electrically driven base platform and a powerful manipulation unit which 
can be furnished with different tools. Fig. 1. The robots are mechatronic systems 
based on microsystem technology principles; they were presented in [1]. The most 
difficult task in the development of such a multi-robot station is the development of 
a suitable control and planning system, which should be scaleable and take into 
account the special requirements of microassembly. 



2.1 Microrobots 

The concept of mobile micromanipulation robots is shown in Figure 1. In order to 
manipulate an object, the robot travels to the working space using its positioning 
unit, and picks up the part by positioning the gripper using the manipulation unit. A 
gripped part can then be positioned using the manipulation unit or the positioning 
unit if it is to be transferred to a remote location. 

Both the manipulation 
and the positioning unit 
employ a microstep 
sequence for 

micropositioning; the 
robot has three piezo- 
legs which can be bent 
in any direction, 
allowing a precise posi- 
tioning in the range of 
3 pm with a motion 
resolution of 10 nm [1]. 

If a bigger distance is 
to be bridged, the legs 
are bent to the 
maximum stroke and 
then, a “step” is performed. By repeating this sequence with a frequency of up to 
10 kHz, speeds of up to 5 cm/s can be obtained (depending on the robot prototype. 




Fig. 2. Mobile micromanipulation robot prototypes 
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the base material and other factors of the surroundings, which has to be taken care of 
by the control system [2]). 

Figure 2 shows several implemented prototypes. The two prototypes in the front 
row, RobotMan and Miniman III (front left and front right) have been developed for 
the use with an optical microscope and a scanning electron microscope (SEM) 
applications, respectively. They were both designed for the special microscope’s 
requirements. 



2.2 Hardware of the Station 

Figure 3 gives an overview over the station’s components [3]. The robots and the 
station’s peripheral devices (an XY-stage, control of microscope parameters, 
lighting parameters, etc.) are controlled by a central hybrid parallel computer array. 
The visual sensors (CCD cameras) of the station are connected to a frame grabber 
with a vision system which detects the robots, the robots’ grippers and the 
microobjects under the microscope. This setup of a local and a global sensor system 
is commonly used for micromanipulation stations [4], [5]. 

Figure 4 presents the architecture of the computer system. The parallel control 
computer consists of two types of modules, namely Intel Pentium-based PC 104 
modules and micro-controller modules using the Siemens C167. The latter are used 
for high speed I/O tasks (e.g. up to 1,092,000 analog values per second for the 
control of the positioning platform), while the Pentium modules are responsible for 
vision, closed loop control [6] and communication tasks. The different types of 
modules are connected by dual ported RAMs (DPRs), one of which connects two 
computer modules and offers a communication means of high bandwidth (64 
Mbit/s) and low response time (360 ns). This is the base for any real-time control 




Fig. 3. Components of the desktop station 





Computer Aided Planning 



417 




used in the station [7]. The architecture of the computer array makes it easily 
scalable. A new robot can be integrated into the system by adding the appropriate 
micro-controller modules and a PC module and connecting them via DPR. The array 
nodes have detection algorithms which identify their surroundings at startup. By 
propagating the local maps from the PC modules to the server, the complete 
topology of the computer array can be determined automatically after a change. By 
displaying the map graphically, the user can easily assign modules to robots and 
other tasks. 

Linux is used as the operating system for the control computer. To meet the real- 
time requirements of robot control, Real-time Linux was chosen [8], which offers a 
real-time scheduler that runs the conventional Linux Kernel as one task and allows 
Real-time tasks which cannot be interrupted to run with a given priority. 



3 Comparison of Micro- and Macroassembly 

Microassembly differs greatly from conventional assembly in some aspects. These 
differences are caused by the small dimensions of the parts to be assembled. The 
biggest problems arise from surface forces. These become dominant for small parts 
(e.g. cubes with approximately 1 mm^) because when miniaturizing an object, the 
surface decreases by the second power, while the volume (i.e., the object’s mass) 
decreases by the third. 

This gives rise to problems due to 

• electrostatic forces (electrostatically charged objects or base materials 

• surface tension forces (humidity of the surroundings) 

• Van der Waals forces for very small objects 
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The effects of the surroundings can be avoided using a suitable air-conditioning or 
clean-room environment, but the other effects are inherent to the manipulation of 
microscopic parts. Figure 5 illustrates the relationship between part size and 
adhesive forces. Below a certain “critical mass^” of the parts, adhesive forces 
play a dominant role and make manipulations unpredictable if no actions are taken 
to cope with these problems. 

Figure 6 shows an example of an object (a microgearwheel with a diameter of 
less than 1 mm) sticking to the gripper of a robot. First, the object is grasped (Figure 
6, top), then the gripper was opened, but the object stuck to the left gripper of the 
robot (Figure 6, bottom). The cross-hair in the picture marks the original center of 
the gearwheel to illustrate the sticking effect. Also, the reverse effect can be 
observed: parts “jumping” from the gripper due to electrostatic charge. 





^T\i 

» 

Fig. 7. Limited depth of field 



’ in this case, in the microscopic sense 
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One possible approach to avoid sticking objects is to involve a second robot 
which is equipped with a “helping hand”, which consists of a simple needle-shaped 
gripper tip to brush off the object, minimizing the contact faces by the small 
dimensions of the needle. Even with this approach, it is quite obvious that 
microassembly demands for sensor surveillance - not only for assembly operations, 
but also for operations as simple as grasping or dropping a part. Micro-effects 

should also be taken care of already at the planning level^. Unfortunately, vision in 
microassembly also suffers from the small dimensions of the parts. In the case of an 
optical microscope, the main problems are a small depth of field and view. Figure 7 
shows a microobject and the gripper which is a few mm above the object. 
Depending on the focal plane of the microscope, either the gripper or the object is in 
focus. The picture shown is approximately 4 mm wide, which gives an idea who 
hard it is to keep track of all the objects located in different parts feeding devices on 
the working space of the robots, which can extend to several dm^. Also, this makes it 
harder to perform tasks by several robots cooperatively. 

The limited field of view is also a problem in SEM applications, while SEMs 
offer an excellent depth of field. On the other hand, electron microscopy imposes 
several restrictions on the possible processes like vacuum compatibility, problems 
due to the electron beam or problems due to non-conductive materials which pose a 
challenge to the electron optics. 

The problem of the limited field of view can be solved by the use of a second 
CCD camera (“global camera” in Figure 3). This makes it possible to track several 
robots traveling on the platform while a simultaneous micromanipulation under the 
microscope is possible. We are also evaluating this concept for scanning electron 
microscopy [9]. The other problems of vision in microassembly have been discussed 
in [10]. It is obvious that this additional vision sensor - along with multi-robot 
operations and precautions to compensate for micro-effects - makes the control 
architecture more complex. In the next section, we will present how we addressed 
these topics. 



4 Control System Architecture 

Figure 8 shows an overview over the station’s software architecture. In order to 
compensate the problems of microassembly, a special assembly planning module 
has been developed [11], [12], [13] based on [14]. This module takes into account 
the given resources of the station (e.g. different sensors which insure controllability 
of assembly steps in different directions of observation). In the decomposition 
phase, the assembly plan is allocated to robots according to their operational 
capabilities. 

In order to make multi-robot operations possible and allow the user to add and 
remove robots easily from the system, a distributed approach was chosen which 
relies on a central supervision and execution unit which provides the local robot 
control objects with the desired motion sequences. The communication framework 



^ i.e. by always mounting small objects onto a bigger and therefore heavier sub-assembly 
which is not affected by micro-effects. This will be discussed in Section 5. 
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is based on CORBA which is extended to make dynamic real-time execution of 
tasks possible. In this Section, we will describe this architecture in detail starting 
with the mapping of physical objects in the station to logical objects in the following 
sub-section. 



4.1 Modeling of the Station’s Components 



To be able to scale the system as easily as possible, the physical objects involved in 
the microassembly station were mapped to C-i-i- objects by a permutation mapping. 
Thereby, all real robots RR,, is{l,...,n} are represented by a robot object RO,, 
is{l,...,nj, derived from the class robot CR. The sensor objects are divided into 
the two classes local sensors and global sensors and are represented by the objects 
Gj, is{l,...,nj and 4 , is{l,...,nj of the classes CG and CL, respectively. Objects to 
be assembled are also represented by (micro-) objects O., j€{l,...,k} of 

the class CO, which play an important role in the manipulation process, as we will 
see. The class identifier j denotes which type the physical object belongs to, i.e. 
gearwheel, axle, etc. Furthermore, a class representing the XY-stage, CT exists. As it 
is common practice in object-oriented programming, these objects are derived from 
abstract base classes ACi, ie{R,G,L,0,T}, which contain methods common to all 
objects of a given type, e.g. the robot base class can be given motion commands, can 
report its current position and orientation, etc. 
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Fig. 8. Software architecture 
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To keep track of the processes in the station and to avoid deadlocks and resource 
collisions, all aforementioned objects have an internal state which can also be 
queried by a supervisor and is set by different actions. The objects’ states are set by 
actions which are executed in the station, e.g. “grip object”, “drop object”, “goto 
position”, etc. To guarantee a deadlock-free execution, all state transitions were 
modeled using finite state machines and the possible object transitions were checked 
using Petri-nets. As an example, we will discuss the most complex object, the robot 
object. Figure 9 shows the possible states of the robot class. The transitions Ra...Rk 
correspond to special actions that may be taken in the station. Table 1. 




Fig. 9. State chart of the robot class 



Table 1 State transitions for the robot class 



Action 


Obj. 


Local 


Global 


Remarks 


Ra 






Ga, Gb 


Motion using global camera 


Rb 




Le 


-Ga, -Gb 


Mic position, local camera 


Rc 


Oc 






moving under mic. control 


Rd 






-Ga, -Gb 


Mic pos. local cam w/ obj 


Re 




Lb 




Mic pos. local cam w/ obj 


Rf 




Lb 




Gripping obj 


Rg 








moving under mic control 


Rh 




Lc 


Ga, Gb 


leaving mic pos 


Ri 






-Ga, -Gb 


yielding 


Rj 


Of 






Dropping object?! 


Rk 


Of 






Dropping object?! 



The columns “Obj”, “Local” and “Remote” denote which state changes in other 
classes are caused by the actions. E.g. recognizing the robot’s gripper under the 
microscope means performing vision with the local camera, therefore this action 
triggers and requires the Le transition of the Local camera object. Note that 
transitions Rj and Rk are “dangerous” and should be avoided because dropping an 
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object without sensor surveillance leads to unpredictable results (sticking to the grip- 
per in the worst case, which cannot quite be called “dropping” the object), as we 
have seen in Section 3. These transitions are modeled for the sake of completeness, 
but they are never requested by assembly or execution planning. 

After having designed the state transitions for all classes {CR,CG,CL,CO}, the 
possible actions which can take place in the station were identified (events which 
trigger a state change in one or several objects). To prove that this system is able to 
perform the desired processes and to prove the absence of inherent dead-lock 
situations, we mapped the state changes onto a petri-net. In this net, transitions 
correspond to actions in the station during an assembly process, and places to states 
of the objects of the control system. The net for a single-robot system consists of 22 
places and 16 transitions. The reachability tree proved that this net is ordinary, 
conservative, bound, safe and life. For the assembly process, this means that no 
resource collisions or multiple assignments may occur and no deadlock-situations 
can be reached accidentally. The analysis of a two-robot scenario led to a net with 
31 places and 33 transitions with the same properties. 

Figure 10 shows a result of the simulation of the net: all possible processes in the 
station were calculated; depicted is a pick-and-place operation under microscope 
control. Flere, the robot first travels to the microscope using the global camera (T2), 
reaches the microscope (T7), then, the XY-stage and the robot are moved 
simultaneously (T9) to bring the microobject into the field of view of the 
microscope, next, the object is gripped (TIO) and finally dropped under the 
microscope. 




Fig. 10. Simulation result of the petri-net model: pick and place under sensor surveillance 



4.2 Negotiated Real-time Connections 

CORBA provides an excellent framework for scheduling and coordinating the 
execution process in the station, as it has already been implemented in higher-level 
coordination of manufacturing systems [15], [16], but in order to be able to control 
the robot system in real-time, we propose an extension to the CORBA mechanisms. 
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Normally, components are managed by the ORB of the CORBA system which 
dispatches the RPC-based requests from clients to servers (Fig. 8). To make these 
requests real-time capable, two approaches can be taken: either, the recently 
proposed Real-time CORBA [17] could be employed and the communications 
channel could be changed to a real-time channel (which Ethernet is actually not). 
This could be done by employing the TCP/IP stack for the DPRs which we have 
developed and therefore using a real-time medium for communications (the DPRs). 
This is based on a kernel module which makes the Dual ported RAM cards behave 
like a conventional network card. Two problems remain unsolved using this 
approach: first, there is no implementation of the real-time CORBA available today, 
and second, neither the objects RO, G, L, O and CT nor kernel module for network 
communications are real-time modules by default. Implementing the complete 
objects as real-time modules would mean a big overhead since large portions of 
these objects are not subject to real-time constraints. 

A second way to guarantee real-time behavior of the control system is presented 
in the following. Suppose two objects which require a real-time communication 
channel, e.g. a robot object R and a camera object G. To avoid having to implement 
the whole objects as real-time kernel modules (which would imply that many non- 
critical functions are executed in real-time), the time-critical procedures can be 
identified and located in a real-time module. When the robot object is to perform a 
task which requires real-time communications with the camera object, it establishes 
a real-time communication channel by sending the camera object a handle to the 
DPR memory used for real-time communication. 

Figure 11 gives an overview over this kind of negotiated real-time 
communication (NRC). The fact that the scheduling of assembly tasks in the station 
is collision- free as shown in Section 4.1 grants that no dead-lock situations can 
occur during negotiated real-time operation. Note that only a small part of the robot 




Fig. 11. Real-time communication with CORBA 
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and camera object is a real-time module. Thereby, only time-critical tasks run in the 
real-time kernel, which improves the overall response times of the computer module 
for non-real-time tasks. The control algorithms are designed in such a way that 
interrupts from the upper control levels still can be executed by cyclically yielding 
control from the real-time module. Figure 12 shows an example how NRC is 
established and how objects change their states according to commands from the 
supervisor module. The task consists of detecting an object on the XY-stage and 
moving a robot to that position. First, The microobject is told to locate itself on the 
base. Therefore, it allocates the XY-stage (table) and the local (microscope) camera. 
When the local camera acknowledges this request (acknowledge messages are not 
shown for the sake of clarity), DPR handles are exchanged and NRC is established. 
The next task which is dispatched by the supervisor is “GotoMic” which tells a robot 
to move to the microscope position. The robot first uses the global camera to reach 
the microscope position and next the local camera to be able to pick up the part. 
When observing the robot and the microobject (i.e. an assembly process), the 
camera object is connected to RO and the O, via NRC. This is necessary since both 
the robot’s gripper and the object have to be detected in order to manipulate the 
object. 



Supervisor 


Robot 


Global C. 


Local C. 


Object 


Table 
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free 
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free 
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free 
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ne edCam — — 

process 
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Fig. 12. Communication to establish NRC (simplified) 

The microobject O, contains special methods specific to the physical microobject 
at hand. Different objects require different grasping strategies and mounting 
techniques. These properties are specific for each object class CO derived from the 
object base class for a specific physical microobject. 



5 Microassembly Planning 

As mentioned in Section 3, efforts should be taken to avoid or minimize micro- 
effects on every level of the planning and execution system. After discussing how to 
cope with micro-effects by taking them into account when designing the control 
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system, we will now analyze how they can be taken care of already at the planning 
level. 

Considering the scenario in Figure 6, it is clear that mounting a part p. of mass m., 
m,jn^ onto a small subassembly p=Pj+Pj+,+--+Pt with m<m^ and m.+m<m^ leads to 
the same problem. Performing such a subassembly can be avoided already at the 
planning level if all parts with this interfering “micro-property” are marked accor- 
dingly in the parts database and the assembly planner optimizes the assembly 
process in such a way that offending subassembly steps are avoided. A special case 
would be a complete assembly p with 

n n 

i=l 1=1 

which can be the case for small microsystems. Flere, the assembly planner indicates 
that using an assembly aid is necessary on which the assembly takes place and 
which has a mass m»m^. Apart from this, the assembly planning must also 
guarantee visibility and feasibility of all assembly steps. Therefore, the assembly 
planning module presented in [9] based on [14] was extended to account for micro- 
effects as mentioned above. 

The assembly planning system offers a intuitive user interface which integrates 
into the user interface of the whole robot system. The parts specifications are entered 
using a CSG (constructive solid geometry) system. Figure 13. The planning module 
generates an assembly plan based on the parts specifications and decomposes the 
plan according to the number of robots and their capabilities concerning the 
necessary operations for the assembly. Figure 14 [12]. 

If an operation fails due to a robot which is not responding or a faulty 
manipulation, the incident is reported to the supervisor which analyzes the fault and 
either requests manual assistance or re-planning from the planning module. In case 
of a necessary re-planning, the system is capable to perform the re-planning online if 

the number of parts involved in the subassembly is sufficiently small^. The 




^ the system is able to perfomi re-planning for 7 parts in 0.3 seconds on a Intel PII-400 system 
[13]. 
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decomposition of very large assemblies into several sub-assemblies is essential since 
assembly planning is NP-complete [18], [19], and normally, the user is able to easily 
identify subassemblies which are suitable for separate planning. 




Fig. 14. Assembly plan decomposed for three robots 



5.1 Experimental Results 

The motion performance of a robot of type t is described in the planning system in a 
rather simple way by a 6-tuple 

Rr d,^, dj, (1) 

where T is the number of a type of the manipulator; d^^l, if the manipulator of type t 
is able to move the gripped part in the direction p, otherwise 

In [11, 12], complete algorithms for the generation of feasible assembly 
sequences and for selecting the best assembly plan were introduced. 

The planning system developed has been tested by an example of an automatic 
assembly planning of the worldwide smallest micromotor, which is made by 
Faulhaber, Germany (Figure 15) [20]. 

For testing, two groups of robots were supposed to be employed. The first group 
includes R, ^ ^ (0,0,1, 0,0,0} and the second group includes R^ = R^ ^ 

(0,0,0,1,0,01 (1). The product reasoning and assembly planning was implemented 
on an Intel Pentium 11-400 PC under Linux 2.0.36. The base language for 
programming was C. 



Computer Aided Planning 



427 




(a) (b) 

Fig. 15. Assembly example: (a) initial configuration and (b) final configuration 

Example 1. The best assembly plan is decomposed for three robots (Figure 16). In 
this example, three robots were working to perform the task without errors (Table 
2 ). 




Figure 16 The best assembly plan. 



Table 2 The assembly protocol. 



Tac 


Robot 


Operation 


Gripped 


Base 


Status 


t 






part 


part 




1 


1 


1 


part 2 


part 1 


yes 




2 


2 


part 6 


part 4 


yes 




3 


3 


part 7 


part 5 


yes 


2 


1 


4 


part 3 


sub 1 


yes 




2 


5 


part 8 


sub 3 


yes 


3 


1 


6 


sub 2 


sub 4 


yes 


4 


1 


7 


sub 5 


sub 6 


yes 
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Example 2. In this example four robots were performing the task (Figure 17). In the 
first tact, robots and were assumed broken (Table 3). From then on, the only 
working robots were R^ and R^. Table 4 shows the time needed for planning or for 
re-planning. 




Table 3 The assembly protocol with re-planning and re-decomposition. 



Tac 


Robot 


Operation 


Gripped 


Base 


Status 


t 






part 


part 




1 


1 


1 


part 2 


part 1 


no 




2 


2 


part 6 


part 4 


no 




3 


3 


part 7 


part 5 


yes 


Re-decomposition 


2 


3 


1 


part 2 


part 1 


yes 




4 


2 


part 6 


part 4 


yes 


Re-planning 


3 


3 


4 


sub 1 


part 3 


yes 




4 


5 


sub 3 


part 8 


yes 


4 


3 


6 


sub 4 


sub 2 


yes 


5 


3 


7 


sub 6 


sub 5 


yes 
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Table 4 Time spent for planning (re-planning). 



Number of parts 


Number of sequences 


Time, sec 


8 


192,512 


3.677321 


7 


12,288 


0.232050 


6 


1,280 


0.023115 


5 


192 


0.003416 


4 


24 


0.001002 


3 


4 


0.000704 


2 


2 


0.000659 



6 Execution Planner 

The motion control of the robot is based on its geometric description. The aim is to 
control the robot movements in a such way that, first, the working part of the robot 
endeffector (its tip, as a rule) is moved from the initial (actual) point to the aspired 
end-point and, second, the certain orientation of the robot in the final state is 
achieved. The requirements for the robot movement depend on the task to be 
performed. One can distinguish between a transportation task (coarse motion) and a 
micromanipulation task (fine motion). In the first case, the robot has to transport 
microobjects over a relatively long distance so that the highest motion speed and an 
optimal trajectory must be provided. In the second case the robot manipulates with 
microobjects under a microscope; it means that the endeffector tip must stay in the 
view field of the microscope during the robot motion. 

In Figure 18 the rectangular coordinate system XOY describes the robot position. 
The polar coordinate system XjOjtpp i=l,...,3 describes the step direction of the leg i in 
regard to the robot platform. The coordinates (X^, YJ of the endeffector tip and 
angle between the axis OX and the symmetry axis of the robot passing through 
the back leg (X^^, Y^^) serve as the sensor information from a CCD-camera for a 
closed-loop control of the robot. This information fully determines the position and 
orientation of the microrobot in the initial state. The geometric model of the 
microrobot platform is described by the following constant values: 

(|) = Z0,A02 =Z 02 A 03 

ij = |aOi| = [aOjI 

^2 ~ I 

I3 =|ao2| 
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Fig. 18 The base orientation of the microrobot 




The base orientation of the platform corresponds to the platform position at angle 

a^=90°. So, a task of motion control of the microrobot can be formulated in the 
following way. In the coordinate system XOY, the initial parameter set Y^^), 

a^} and the final parameter set {(X^^, Y^^), oc'^} are given. It is necessary to 
calculate the motion vector values U. = (x^, cp^j), i=l,...,3 in correspondence to the 
coordinate system XjOjtpj. 
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6.1 Linear Motion 

To simplify the description, suppose OC^^OCg. For performing linear motion from 
point A to point B (Figure 19) motion vector U. = (x^, (p^) must be simultaneously 
applied to all three piezolegs. Coordinates (x^j, tp^j) of vector U. can be calculated in 
the following way: 

|xui : Xu2 : Xu3 = 1 : 1 : 1 
1^’ui ~ ^U2 “ ^*U3 



6.2 Rotation 



Motion vectors Ui for all three piezolegs, which are necessary for rotation around 
the point C, are shown in Figure 20. The vectors Ui = (x^j, (p^j) are also tangential to 
the rotation circumference. The motion vectors Ui are calculated as follows: 

^U1 ■ ^U2 • ^U3 “ I ■ |C^02 I • I 



<tPj = 90 + a-(3j, where! = 1,.. .,3 



P. 



= arctg 





n 

1 

o 


\ 




Xc-Xo, 


> 



( 3 ) 




Fig. 20. Rotation of the robot around point C 
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6.3 Advanced Motion 

This motion consists of a (simultaneous) superposition of a rotation motion at an 
angle 0 and a linear motion at a distance L. One advantage of this method is a 
possibility to move along an optimal trajectory in minimal time. Its disadvantage is 
that the actual direction of the linear robot motion is determined by its current 
orientation and must be continuously corrected (Figure 21). 




Fig. 21. Robot motion during the coordinated motion 
a) coarse motion: rotation center - leg 2; b) fine motion: rotation center - endeffector 

To determine the motion vectors U. = (x^j, cp^j), i=l,...,3 an interaction of both a 
rotating and a translational component of platform movement must be considered. 
Vector U. for piezoleg i is calculated as a sum of motion vectors U“”“ and U™“ : 

U. = U'™” + 11™“ (4) 



7 Conclusion 



In this paper, we have presented a microassembly system based on mobile 
microrobots. It incorporates several vision sensors to perform robot motions and 
micromanipulations under sensor control either on an XY-stage under an optical 
microscope or inside the vacuum chamber of a scanning electron microscope. 

Manipulation of objects smaller than 1 mm requires special methods due to 
micro-effects like adhesion of the parts to the gripper. These effects make vision 
systems indispensable; they also have to be taken into account both at the control 
and already at the planning level. 
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The micromanipulation station uses a multi-robot approach to speed up assembly 
by parallel operations. This also makes special operations possible which cope with 
micro-effects, like a “helping hand”. 

The control system of the presented station is tailored to the requirements of 
microassembly and is highly scaleable due to a transparent mapping of physical 
components in the station to logical objects. Thereby, adding a new component like 
a robot is very easy. Moreover, the representation of physical microobjects by 
logical objects grants optimal adaptability to new types of objects. 
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Abstract. One of the most interesting and probably more difficult challenges 
in developing Software Systems is the modelling of their evolutionary 
capacity, that is to say, to gather the possibility that the Software Systems will 
go ahead in the future with the necessary changes to adapt to the environment 
using a different and new functionality. Modelling this evolution requires to 
have into account what kind of changes and modifications could follow and 
support a Software System during its life and also during its development. The 
evolutionary characteristics of a Software System can be approached by 
abstract evolutionary models, which can be further formalised. This 
formalisation makes operational the abstract evolutionary models and allows a 
kind of representation of the evolutionary process that could support the 
specification and mapping into concrete specification and implementation 
tools. These tools further allow us to obtain concrete and functional Software 
Systems. 



1 Introduction 

Software Systems change and suffer modifications imposed by the modeller 
(developer) during their development process. This is not the unique evolution that 
Software Systems must support. They must evolve later along their functioning life, 
because they are part of Information Systems and the interaction with the 
environment concern them in a way that requires to perform changes in the structure 
or functionality in order to continue being useful. That is to say, they ought to 
assimilate the modifications suffered by the Information System, as well as the new 
requirements not expressed before. 

With these evolutionary necessities in mind, we can think over two forms of 
evolution of Software Systems. The modeller is the most important element in both 
because he is responsible of the design and modelling process and the capacity of 
the Software System to evolve when immersed in the Information System: 

I) The modeller driven evolution: implies a direct intervention of the modeller 
changing the Software System. 
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2) 7The self-evolution of the Software System depending on certain mechanism 
defined by the modeller. 

In a previous work [10], we presented a biological approachto the modelling of 
the evolution of Software Systems, using an interdisciplinary point of view within 
the System Theory framework [4] and having in mind the existence of some degree 
of isomorphism [2], that allows us the use of models from different disciplines. 
Later we proposed [11] a general framework of the modelling of the evolution 
process of Software Systems in which a three layerstructure was presented: 

1) Abstract level: Mechanisms and models of software evolution related to the 
activity of the modelling (development) systems. 

2) Formalisation level: Formal models of evolution which try to make 
operational the previous mechanisms and models. 

3) Specification level: The previous formal models should be mapped into 
concrete representation and implementation tools, which allow us to obtain 
functional Software Systems. 

In this paper the development of the formalisation level will be presented using 
the following organisation: 

Firstly we introduce the elements of the structure of a Software System that will 
be needed for further explanations. Secondly, the mechanisms of evolution are 
presented, followed by the enumeration of the abstract models of evolution. Later, a 
detailed explanation of the formalisation of the models is developed. Finally, the 
possible applications of the formal models will be outlined. 



2 Structure of a Software System 

For us, following Parets [6] and Parets et al. [7] [9], a Software System (SS) is a set 
of processors that interact between them and with the environment, in such a way 
that the whole Software System could be viewed as a processor from the functional 
point of view. Furthermore, the functionality of a Software System as an object is 
reached by the processors that belong to it, through the activation of theirs actions. 
Parets [6] proposes a representation of Software Systems using concepts from the 
General System Theory [4]: processors, environments, systems, actions, events and 
decisions. This structure use a historical representation of the functioning (System 
Functional History) and a historical representation of the structure (System 
Structural History). Parets introduces the concept of Software Metasystem (MS): a 
System that allows the interaction between the Software System and the 
Development System. The elements of this basic structure are the followings (Figure 
1 ): 

1. Action Interface (AT): Using this interface messages and functional actions 
pass to and from de System (the SS and the MS). This is the way to 
communicate with the System’s functional environment. 

2. Evolution Interface (El): Through this interface structural actions and 
messages related to them pass to and from the System. Actions and messages 
come from the Metasystem to the Software System, and from the Modeller to 
the Metasystem (the development environment). 

3. Processing Structure: Set of processors that work within the system, 
performing actions. 
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4. System Functional History (SFH): Memory of the functional actions, 
represented by functional events, performed by the System or its processors. 

5. System Structural History (SSH): Memory of the structural actions developed 
over the system, represented by structural events. 

6. System Decisional History (SSH): Memory of the decisional actions 
developed over the system, represented by decisional events. 

7. Decision Subsystem (DS): Processors that take decisions about the actions 
performed by the System 

8. Genetic Subsystem (GS): Processor that take decision about the evolutionary 
actions. 

The actions are related to events that symbolise them. These events are symbols of 
the execution of actions and are recorded in the history of the System. Anaya et al. 
[1] proposed that the functionality of a System is determined by: 

1. Spontaneous actions performed by the System’s processors when the 
established conditions are satisfied according to the Decision Subsystem. 

2. Execution of actions required by the environment through the Action 
Interface. 

3. Execution of actions started by 1) and 2). 




Fig. 1. Elements of the basic structure of a Software System 



Functional Structure The functional structure of a System, common to the 
Software System and the Metasystem, isthe following: 



Definition 1 (System Structure ). The System Structure is defined as SS =(PS, ES, M) 
where PS is theprocessing structure, ES is the entry structure and M is the system 
memory, s.t. (such that): 

System Structure: (PS, ES, M) 

PS = {P I P is a processor for the System} 

P = { AS I AS is an action in the System} 

ES = {AS I AS is an action of the System Interface} 
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This definition allows that the System behaves as a processor, and so it can 
replace a processor. We could say that the ES of a System is a processor. 

AS = (f^CT, Conditions) 

Activity Function. 

Conditions: established over the activity function. 

M = memory of the System: (SFH, SSH, SDH) 

SFH = sequence of stimulus happened over the ES and events of the PS. 
Represents the sequence of actions performed through time, i.e. the 
functional state of the System. 

SSH = sequence of structural events that correspond to functional events of 
the Metasystem. Represent the structural state of the System. 

HDS = sequence of decision events previous, during and at the end of the 
actions. Represent the decisional state of the System. 

Following Parets [5], we think that a Metasystem, which is part of the 
development system, exists. Its main function is to perform changes in the structure 
of the Software System. The Software System and the Metasystem are isomorphic, 
that is to say, they have both the same structure, and the Functional History of the 
Metasystem records its functional actions. This implies that the Structural History of 
the System is a subset of the Functional History of the Metasystem. 

Both Software System and Metasystem can perform several adaptations 
following the same models. In the rest of the paper we will use the term System to 
include Software Systems and Metasystems, unless we make an explicit distinction. 



3 Mechanisms of Evolution 

Mechanisms are abstract schemes of co-ordinated activities of evolution performed 
by the different components of a System. This activities produce a modification of 
the System. Mechanisms represent the ways used by a System to change itself in 
order to evolve 

We propose two kinds of mechanisms borrowed from biology: Heredity mechanisms 
and Adaptation mechanisms. 

Due to its high level of abstraction, both of them are, as general concepts, 
independent of any structure, although they will have a concrete representation 
depending on the structure. The mechanisms are also independent of the evolution 
model used. 

In certain way, we must accept that the modeller act as Meta-Mechanism that is 
capable of conducting the role of the mechanisms. 



3.1 Adaptation 

Adaptation is based in the necessity of accommodation, learning, mutation and 
differentiation according to the requirements of the environment. This is the general 
way used to modify its structure (assimilation, adaptation by 
mutation/differentiation) or to modify the use of its structure (accommodation, 
adaptation by accommodation/leaming). 
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Adaptation by Accomodation/Learning. We understand the concept of 
accommodation as the possibility of modifying the interrelations of the System 
processors without modification of their composition [5], It is a process that does not 
obey pre-programmed rules, in such a way that there is no uniform answer. 

This kind of adaptation occurs in a favourable functional environment, in which 
the System is able to act using the actions implemented in its action interface. We 
accept the possibility that a learning process that helps the System to reach the better 
answer exists. This implies that a System can adapt to the environment, learning the 
better way of using its own structure without changing it. 



Adaptation by Mutation/Differentiation. This is a more radical process than 
Accommodation/Leaming, and it will imply structural changes, producing new 
possibilities of accommodation. This kind of Adaptation occurs within a resisting 
environment. 

The structural change requires the intervention of the Metasystem, because 
Systems in general and Software Systems in particular are not selfending 
(autofinalitarios, buscarlo en bibliografia). If the affected is the Metasystem, the 
changes require the intervention of the Modeller (as Meta-Metasystem). 



3.2 Heredity 

The heredity mechanisms is the general way used to produce descendant Software 
Systems that inherits the adaptations performed by their parent(s). Some inference 
engine, with decision capacities and present in the system, decides which will be the 
structure of the next generation of descendant Software Systems. This decision will 
take into account the structural properties with adaptive survival value present in the 
historical memory of the system. 

We have to remark that not exclusively the initial structures are inherited. The 
modifications performed as a consequence of adaptations by 
mutation/differentiation, and the capacity to go ahead with adaptations by 
accomodation/leaming are also inherited. This implies that structural modifications 
which involves to the way used to adapt by accommodation learning can be 
introduced during the evolution process. 



4 Models of Evolution 

The second element of the Abstract Level are the Models of Evolution. This Models 
are symbolic representations of the possible ways of introducing changes in the 
Software System by the interaction of the Adaptation mechanism, the Heredity 
mechanism and the Modeller. In considering these models we have into account the 
abstract structure of interaction proposed in [6]: 

a) The Modeller which decides what changes have to be carried out in the 
Software System. 

b) The Metasystem which symbolises the modeller actions. 

c) The Software System which suffers changes. 
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Several evolutionary models were presented in [1 1], all of them supported by the 
Adaptation and Heredity mechanisms: 



Software Systems Evolution Models 



1 . Modeller Driven Meta-Teleology 

2. Modeller Driven Teleology 




Fig. 2. Relation between Modeller, Metasystem, Software System and Models of Evolution 
The Models proposed are: 

Modeller Driven Meta-Teleology. The Modeller carries out modifications of the 
structure of the Metasystem (Figure 2, arrow 1). This Model applies the Mechanism 
of Adaptation by Mutation/Differentiation. 

In this case, the activity of the Modeller is performed using actions of the Evolution 
Interface of the Metasystem. 

This modifications could be stored in the descendant Metasystems. The modeller 
can change the viewpoint and discernment of the MS and therefore change the 
criterions used to decide about adaptation and inheritance. 



Modeller Driven Teleology. The Modeller through the Action Interface of the 
Metasystem produces changes in the Software System (Figure 2, arrow 2). This 
Model applies the Mechanism of Adaptation by Mutation/Differentiation. 

This model, as the former, reflects the direct intervention of the Modeller in the 
evolution process, through the Action Interface of the Metasystem and the Evolution 
Interface of the Software System. 

This changes also are supposed adaptive and potentially inheritable, then they 
could be incorporated to descendant Software Systems. 

Inheritance of the Acquired Meta-Characters. A new Descendant Metasystem, 
which could inherit the new meta-characters acquired by the old MetaSystem 
during its evolution, is produced (Figure 2, arrow 3). This Model applies the 
Mechanism of Heredity. 

The initiative to produce a new system belongs to the Modeller, even in the case 
when the Genetic Subsystem of the Metasystem take part in the process. 
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Inheritance of the Acquired Characters. A new Software System is produced, 
which could inherit the new characters acquired by the old Software System during 
its evolution (Figure 2, arrow 4). This Model also applies the Mechanism of 
Fleredity. 

In this case the initiative to produce a new system begins in the Modeller, like in 
the last model, and the Genetic Subsystem of the Metasystem also takes part. The 
Genetic Subsystem of the Software System is not involved in this type of changes, 
because the aim of this process is the production of a new entity. 



Metasystem-SS Self-Adaptation. The Metasystem interacts with the Software 
System in order to produce structural changes of the S.S. without intervention of the 
modeller (Figure 2, arrow 4). This Model applies the Mechanism of Adaptation by 
Mutation/Differentiation. 

The decision about the adaptation is taken by the Genetic Subsystem of the 
Metasystem 



System Self-Adaptation. The Software System (or Metasystem) performs an 
adaptive process without intervention of the Modeller and the Metasystem (Figure 2, 
arrow 6). This Model applies the Mechanism of Adaptation by 
Accomodation/Leaming and does not produces structural modifications. 

This model was not included in former proposal [10], [11]. We think that it must 
be included to gather the possibility of adaptation of a SS by itself , with no 
structural change,. 

In this case the decision is taken by the Genetic Subsystem of the Software 
System, because there is no structural modification 



5 Formal Models 

In order to make operational the previous mechanisms and models, we could try to 
find concrete representations in programming languages or in software development 
tools. This approach, very practical, has the problem of saving the distances between 
the previous concepts, proposed in an abstract level, and the concepts used in 
programming languages and tools. We consider that an intermediate step, consisting 
of the formalisation of the previous models in order to specify evolutionary 
structures, can be very fruitful and translatable to other representations. 

After studying different formal tools, usually applied in computer science, as Petri 
Nets and state transition diagrams, we considered that the formalism proposed by 
Holland [3] have the components that we need. We have to remark that the Formal 
Models are independent of the specification further developed from them. 

The formalisation is established according to adaptive plans, operators, structures 
and adaptation or fitness functions of the Models of Evolution. The main objective 
is to explain the Models of Evolution as adaptive plans that apply operators to 
structures of the Software System or MetaSystem. These adaptive plans evaluate 
functions about the performed adaptations trying to establish its viability and 
interest. 
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Figure 3 present the elements of this formalisation: 

• AI Action Interfaces of the Software System and Metasystem. 

• El Evolution Interface of the Software System and Metasystem. 

• GS Genetic Subsystem of the Software System and Metasystem. 

• A^ Structure Ak of the MS. 

• A_, New structure of the MS after the application of operators 0_,. 

• A Structure Ai of the SS. 

• Aj New structure of the SS after the application of operators Oj. 

• Inputs from the environment. 

• Inputs from the Modeller. 

• F(A) Function fitness of the SS with structure A. 

• Pj Adaptive plan which implies the application of the operators 0;. 

• F(A^) Function fitness of the MS with structure A^ . 

• 0; Operators that do not modify the structure A^ of the SS . 

• Pj Adaptive plan elaborated by the MS, that implies the application of 

O, 

• Oj Operators that modify the structure A of the SS, yielding the new 

structure A^. 

• P^ Adaptive plan elaborated by the MS, that implies the application of 

the operators O^. 

• O^ Operators that do not modify the structure A^ of the MS. 

• P„ Adpative plan elaborated by the MS, that implies the application of 

the operators 0_,. 

• Operators that modify the structure A^ of the MS, yielding the new 
structure A„. 




Fig. 3. Relations between the elements of the formalisation. Modeller, environment. Software 
System and Software Metasystem 

In the next paragraphs we present the formalisation of each evolutionary model. 
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5.1 Modeller Driven MetaTeleology 

Definition 2 (Modeler Driven MetaTeleolosv). Let a Software MetaSystem 
,MS=(PS|„s, ES|„s, M|„s) . An Evolutionary process by Modeller Driven 
MetaTeleology, MDMT, is a function defined over the Software MetaSystem, MS, 
s.t.: 

MDMT 

Source (MS) ► Target (MS) 

If and only if MDMT use the Mechanism of Adaptation by 
Mutation/Differentiation, and one of the following conditions is satisfied: 

i) 3AS,e EI^czESL, s.t, 

ASj 

source (PS|„,) ^ target(PS|„s) ^Target (PSj„J ^ Source (PS|„J 

and then Source (MS) ^ Target (MS) 

ii) 3 ASj£ EI^czESL, s.t, 

ASj 

source (ES|„,) ^ target(ES|„,) =>Target (ES|„,) ^ Source (ES|„,) 

and then Source (MS) ^ Target (MS) 

That is to say : 

There is a structural change of the Software MetaSystem through its Evolution 
Interface. This structural change can affect the Processing Structure (i) or the Entry 
Structure (ii). 

Then, we have the following function: 

MDMT : X F(A,) x A, ► P = {0„ | 0„ = AS e EI^, c ES|„J 

That is to say, an evolutionary process by Modeller Driven MetaTeleology is a 
function of the input from the modeller, , the function fitness of the Software 
MetaSystem, F(A^), and the actual structure of the Software MetaSystem, A^. As 
consequence an operator, 0_,, that modifies the structure, A_,, is applied. 



5.2 Modeller DrivenTeleology 

Definition 3 (Modeller Driven Teleolosv). Let a Software System, SS=(PS|gs, ES|ss, 
M|gg), and a Software Metasystem, MS=(PS|„j,, ES|„g, M|j,j,). An Evolutionary 
process by Modeller Driven Teleology, MDT, is a function defined over the 
Software System, SS, s.t.: 

MDT 

Source (SS) ► Target (SS) 

If and only if MDT use the Mechanism of Adaptation by 
Mutation/Differentiation, and one of the following conditions is satisfied: 

(i) 3 AS,e AI|„, c ES|„, and 3 AS,e EI|,, c ES|„„ s.t., 

ASj »AS, 

source (PS|ss) ► target(PS|J =>Target (PSy^Source (PS|J 

and then Source (SS) ^ Target (SS) 

(ii) 3 ASjE AI|„, c ES\^ and 3 AS,e EI|,, c ESl^^, s.t.. 
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ASj ‘AS, ^ 

source (ES|sj.) ^ target(ES|ss) ^ Target (ES|sj.) ^ Source (ES|gj,) 

and then Source (SS) ^ Target (SS) 

That is to say: 

There is a structural change of the Software System through the Action Interface 
of the Metasystem Software and the Evolution Interface of the Software System. 
This structural change can affects the Processing Structure (i) or the Entry Structure 
(ii). 

So, we have the following function: 

MDT : (I. X F(A) x A) . (I„ x F(A,) x A,) ► 

R = {O^ I =AS,.AS„ s.t. (AS^eIAL, czESL,) and (AS,eE4,cz ES|J} 

That is to say, an evolutionary process by Modeller Driven Teleology is a 
function of the input from the environment, , the function fitness of the Software 
System, F(Aj), the actual structure of the Software System, A;; and could take into 
account the input from the modeller, , the function fitness of the MetaSystem, 
F(A^), and the actual structure of the Metasystem, A^. As consequence an operator, 
Oj, that modifies the structure, A-, is applied. 



5.3 Inheritance of the Acquired Metacharacters 



Definicion 4 (Inheritance of the Acquired MetaChamcteres). Let a Software 
Metasystem, MS=(PS|„j,, ES|„g, Mj^^g). An Inheritance of Acquired Metacharacters, 
lAMC, is a funtion defined over the Software MetaSystem, MS, s.t.: 



lAMC 

Source (MS) ► Target (MS) 

If and only if lAMC use the Mechanism of Heredity, and then the following 
condition is satisfied: 



AS 



3 ASe Eljjjg cz ES|„s , s.t., source (MS) ^ target(MS) => 

{Target(PS|„,)=Source(PS|„s) and 
Target(ES|j,s)=Source(ES|ss) and 
Target(M|J=0} 

That is to say: 

There is an action of the Evolution Interface of the Metasystem that produce a 
new Software Metasystem with the same structure than the old one, and whose 
Memory is empty. 

So, we have the following function: 

lAMC: X F(A,) x A, ► p;={o; | o; = AS e EI^, c eslj 

That is to say, an evolutionary process by Inheritance of Acquired 
MetaCharacteres is a function of the input from the modeller, , the function fitness 
of the Software MetaSystem, F(A^), and the actual structure of the Software 
MetaSystem, A^. As consequence an operator, O^’, that produces a new Software 
Metasystem, A^’, is applied. 
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5.4 Inheritance of the Acquired Characters 



Definicion 5 (Inheritance of the Acquired Characteres). Let a Software System 
SS=(PS|ss, ES|ss, M|J, and a Software Metasystem MS=(PS|„j,, ES|„s, M|„J. An 
Inheritance of Acquired Characters, lAC, is a funtion defined over the Software 
System, SS, s.t.: 

lAC 

Source (SS) ► Target (SS) 

If and only if lAC use the Mechanism of Heredity, and then the following 
condition is satisfied: 



AS 



3 ASe AI|„j, cz ES|„s , s.t., source (SS) ^ target(SS) => 

{Target(PS|ss)=Source (PS|j,j.) and 
Target(ES|ss)=Source(ES|ss) and 
Target(M|J=0} 

That is to say: 

There is an action of the Action Interface of the Metasystem that produce a new 
Software System with the same structure than the old one, and whose Memory is 
empty. 

So, we have the following function: 

lAC : I„ X F(A.) X A. ^ Pf= {O.’ | Of=ASE AIL, <=ESU 

That is to say, an evolutionary process by Inheritance of Acquired Characteres is 
a function of the input from the modeller, I_^^ , the function fitness of the Software 
System, F(A), and the actual structure of the Software System, Aj. As consequence 
an operator. Of, that produces a new Software System, Af , is applied. 



5.5 Metasystem-Software System SelfAdaptation 

Definicion 6 (Metasvstem-Software System SelfAdaptation) . Let a Software System 
SS=(PS|,„ ES|,„ M|„), and a Software Metasystem MS=(PSLs, ESL„ MLJ. An 
evolutionary proces by Metasystem-Software System SelfAdaptation, MSSS, is a 
function defined over the Software System, SS, s.t.; 

MSSS 

Source (SS) ^ Target (SS) 

If and only if MSSS use the Mechanism of Adaptation by 
Mutation/Differentiation and one of the following conditions is satisfied: 

(i) 3 AS,e AIL, ESLs and 3 AS,e EI|„ cz ES|,„ s.t., 

ASj »AS, 

source (PS|„) ^ target(PS|„) ^Target (PS|„) Source (PS|„) 

and then Source (SS) ^ Target (SS) 

(ii) 3 AS,e AIL, ^ ESLs and 3 AS,e EI|„ cz ES|,„ s.t., 

ASj »AS, 

source (ES|„) ^ target(ES|„) ^Target (ES|,,)^ Source (ES|„) 

and then Source (SS) ^ Target (SS) 

That is to say: 
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There is a structural change of the Software System through the Action Interface 
of the Metasystem Software and the Evolution Interface of the Software System. 
This structural change can affects the Processing Structure or the Entry Structure. 
The difference between this model and Modeller Driven Teleology is that in 
MetaSystem Software SystemSelfAdaptation there is not intervention of the 
Modeller. 

So, we have the following function: 

MSSS: (I. X F(A.) x A.) • (F(AJ x AJ ► 

R = {O^ I = AS, .AS,, s.t. (AS,eIALczESL,) and (AS,eE 4, czESL,,)} 

That is to say, an evolutionary process by MetaSystem-Software System 
SelfAdaptation is a function of the input from the environment, , the function 
fitness of the Software System, F(A,), the actual structure of the Software System, 
A; and could take into account the function fitness of the MetaSystem, F(A,^), and 
the actual structure of the Metasystem, A,,. As consequence an operator, Oj, that 
modifies the structure. A., is applied without intervention of the Modeller. 



5.6 System SelfAdaptation 

This model of evolution can be used by the Software System and the Metasystem. 
So, in the formalisation defmiton we will refer to System. 

Definicion 7 (Software System SelfAdaptation). Let a System S=(PS, ES, M). An 
evolutionary process by System SelfAdaptation, SSA, is a function defined over the 
System, S, s.t.; 

SSA 

Source (S) ► Target (S) 

If and only if SSA use the Mechanism of Adaptation by Accomodation/Leaming 
and one of the following conditions is satisfied: 

SSA 

i) 3 ASe PS, s.t., source (M) ^target(M) => Target (M) ^ Source (M) 

ii) T arget (f,„|p,) ^ Source (f^„|J 

iii) T arget (f,^cxlEs) ^ Source (^ctU 
That is to say: 

i) There is a change in the Memory of the System caused by an action of the 
Processing Structure of that system that affects the further reasoning 
process and so it is an adaptation. 

ii) There is a change in the function of activity, that is, a change in the way 
used by the System to do the action 

iii) There is a Change in the Action of the System’s Interface. 

So, we have the following functions: 

Applied to a Software System: 

SSSA: (I^ X F(A) X A) ^ R = {O, | O, = AS, s.t. AS,e PS|,J 

Applied to a Software Metasystem: 

MSSA: (I„ X F(A,) x A,) ► P, = {O, | O, = AS, s.t. ASe PSL,} 

That is to say, an evolutionary process by System SelfAdaptation can take one of 
the following faces: 
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1. When performed by a Software System, it is a function of the input from the 
environment, , the function fitness of the Software System, F(Aj) and the 
actual structure of the Software System, A. As consequence an operator. Op 
that does not modify the structure, Ap is applied. 

2. When performed by a Software MetaSystem, it is a function of the input from 
the modeller, (but not the decision), the function fitness of the Software 
MetaSystem, F(A^) and the actual structure of the Software MetaSystem, A^. As 
consequence an operator, O^, that does not modify the structure, A^, is applied. 



5.7 Overview of the Evolutionary Process 

The proposed formalisation establishes the existence of different structures during 
the life of a System These structures are produced by the application of two kinds of 
operators 

1. Operators which, modify it (i.e., Oj, OJ, 

2. Operators which impliesdifferent “uses” or states of the. System. These 
operators do not modify the structure, but the way the System uses it (i.e.. 
Op O,). 

This implies that a System could present a structure and use at a concrete moment 
(instant). This allows to conceive the evolutionary process as follows (Figure 4): 




Fig. 4. Transformation between stmctures and uses 



1. Within a structure (i.e.. A;) the different ways of use of that structure represent 
different states or “uses” (i.e., A . . ., A J. 

2. The structure and the “use” identify the present System’s situation, which can 
be call STAGE of evolution. 

3. Moving from the state Aj „_j to the state A; „ requires the application of the 
operator O; „ that does not modify the structure. 

4. Moving from the structure A; to the structure A- requires the application of the 
operator 0^. 

5. Given a System an evolutionary process with no structural modification can 
exists, just moving from one state to another within the current structure. 
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6. When a new System is produced by cloning or development ex-novo, it is 
thrown in the state (“use”) A„ 

7. The state A,, „ represents the initial definition of the structure. This structure 
could be the structure initially defined by the modeller or that of the System 
from which is produced . 

8. Given a structure, whatever use or state, the System can move to another 
System, that is to say, from any state within a structure the System can move to 
another state that belongs to a different structure. 

9. When the structure of a System is modified, for example from Aj to A., the new 
state reached is A. „ which is the first state of the structure A.. There is no a- 
priori defined characteristics about the conditions that state A - „ must 
accomplish, because the following modification at each instant is unknown 

10. The number of reachable states and structures is, a priori, finite. 



6 Utility of the Formalised Models and Further Research 

The previous formalisation allows the manipulation of the models of evolution. The 
modelling of the evolutionary characteristics of Software Systems requires a double 
perspective: Firstly, from the point of view of the selfsame modelling process 
followed by the modeller, and, secondly, from the point of view of the future 
adaptation of a functional Software System during its life. 



The modelling process. Applying the formalised framework two important aspects 
must be considered: 

a) The inclusion in a modelling methodologyln this case the modeller should take 
into account the characteristics of the future SS in the developed models. This 
requires an adaptation of the methodology in order to provide the necessary 
diagrams, actions, or schemes. At present we are working on the possibility of 
adaptation of UML [12] in order to include the evolutionary process following 
the pattern established by the proposed.formalisation 

b) The adaptation of CASE tools. These tools ought to offer the possibility of 
mapping the evolutionary characteristics into the developed SS . In order to do 
that the firs step is the specification of the formalised models. The framework of 
levels proposed in [11] allows the use of different Knowledge Representation 
Tools to implement the formal models. During the selection of the Knwoledge 
Representation Tool, two important aspects have to be considered: the K.R.T. 
will determine the instance of Software System that finally will be generated; 
and that reasoning about evolution requires reasoning about the time. 

An example of this kind of tools is being implemented by our group under the 
name of FIEDES Software Specification, Design and Evolution Tool), using 
temporal logic and object-oriented programming as specification tools [8]. 
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The life of the Software System. This point of view must paid attention to the 
future necessities of the Software System, concerning evolutionary characteristics 
and mainly the possibility of further adaptation. The necessity of adaptation and 
evolution can appear in a variety of systems that must adapt (accomodate) 
themselves to different conditions of hardware or environment pressure whilst they 
are funtioning. An interesting example of this kind of systems are autonomous 
agents that must perform an activity in not well known environmentes. 

These capacities of evolution and adaptation of S.S. can be modelled using the 
formalisation proposed and the abstract models to establish what kind of evolution is 
appropriate. We are researching on this possibility in the HEDES project. 
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Abstract. Software systems evolve over time. Traditional software develop- 
ment methods and tools support partial aspects of this evolving process. Over 
the last few years we have researched into theoretical evolution search models 
which might be applied to the development of software systems. The Theory of 
Systems and biology have interesting views on the evolution process, very dif- 
ferent from genetic algorithms, which may aid in the development of software 
systems and CASE tools. Our aim in this paper is to present a first version of a 
tool (HEDES) which includes these models and implements them in an object- 
oriented language (VisualWorks 3.0), using first-order temporal logic as sup- 
port. In addition, some lessons learnt in the development of these complex and 
changing tools will be outlined, especially the importance of an iterative lifecy- 
cle in object-oriented development, a high degree of cohesion of the develop- 
ment team and the need for flexible and rapid ways of communicating new 
ideas using discussion meetings, Internet facilities and development support 
tools. 



1 Introduction 

Software development is a process which more and more is classified as incremental 
and iterative in the literature. Classic life cycles such as the waterfall model have 
given way to other life cycles which try to reflect this iterativity (prototyping, spiral, 
fountain,...). Moreover, these life cycles consider that software validation must di- 
rectly involve the users by means of executable prototypes. 

Our outlook, in this sense, is that software development methods and CASE tools 
which support them have to offer a large amount of help during the prototyping proc- 
ess and during transformations of the elaborate software. In order to offer this sup- 
port, it would appear to be necessary to have software evolution models which might 
be transferred to specific tools. 

For several years now, we have been carrying out research into this type of models 
and we have attempted to obtain operational representations. Some results from this 
conceptual and theoretical work have appeared in other works [16], [17], [14], [15], 
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[1], [2]. In this paper, we present the design and implementation of a prototype of a 
tool (called HEDES) which collects the results from these previous works. 

In order to make the explanation understandable, we summarise our view on the evo- 
lutionary problem in the first and second sections. Then we present the design of the 
class structure and we briefly comment on the most important groups of classes (sub- 
systems). Finally, we offer comments about the implementation details, and the 
characteristics of the life cycle used during the development of the tool are outlined. 

2 Software Development: An Evolutionary Process 

Since Software Engineering came into being in 1968, different authors have com- 
mented on the importance of the software development process. Most handbooks on 
this discipline insist on its importance and the study of the ’software process’ is an 
active branch with strong industrial projection [10]. The main argument provided by 
these authors is that the quality of the product obtained (the software) depends on the 
quality of its development process. 

[6] offer a framework which structures the points of view under which the develop- 
ment process can be studied. This framework, which we have reinterpreted in Figure 
1, provides an interesting integrated process-product model. The Software Produc- 
tion Process is responsible for obtaining the product. The Software Process Support 
includes the necessary elements to support the production process (technology and 
production models). The Metaprocess will be responsible for evolving the previous 
processes. The central idea in this framework is the existence of close interdepen- 
dency between the three processes and the products elaborated, furthermore its evo- 
lutionary nature, mainly conducted by the Metaprocess . 




Fig.l. Software Development Procces 



In parallel to this emphasis on the process, some methods and methodological tools 
have been developed. The main outcome of this tendency is the progressive systema- 
tization of Requirements Engineering and Design processes by means of languages 
and automatic tools, which offer support, in Conradi’s terminology, to the Software 
Production Process. 

However, when most of the methods and tools are examined in detail, a great aban- 
donment of their application process is observed [16]. Each one of them has a list 
of models to be produced and a series of detailed steps to be applied, but very few 
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emphasise the fact that the models elaborated should be modifiable and navigable. 
The tools which implement the methods try to mitigate, generally in a heuristic way, 
some of these problems without offering specific schemas for transformation and 
navigability. Only partial contributions to these problems are offered by concepts 
handled in certain fields of Requirements Engineering: traceability, reusability of 
specifications, etc. 

From our point of view, a wider and more integrated vision of the software produc- 
tion process is needed. This view should take into account a principal and well 
known argument: the Software Systems change. This change is usually produced by 
a change in the environment in which the Software must work and the change is ef- 
fectively produced by a Development System, i.e., a group of people who are in- 
volved in producing and maintaining this software. Obviously, notions such as main- 
tenance, reutilization, transformation of class structures, schemas evolution, etc. im- 
ply important contributions to this approach, but they are partial approximations. An 
abstract view of the changing process allows the development of models which inte- 
grate a great number of these concepts. 

Although this view has been presented in our aforementioned works, we will try to 
summarise it from an applied perspective. As a starting point we should outline one 
important premise: we do not find global evolution models in the Software Engineer- 
ing field, however. System Theory and biology have been tackling evolution prob- 
lems for a long time now. 

The contributions from Le Moigne [11] on System Theory are especially useful. This 
author indicates the possibility of identification of no self-evolutionary systems which 
are unable to evolve by themselves and, on the other hand, self-evolutionary systems 
which have the capacity of producing their own evolution. Software Systems belong 
to the first group and the Development Systems belong to the second. To a certain 
extent, the latter are intelligent systems. Le Moigne proposes a canonical representa- 
tion based on three identifiable subsystems useful in modelling no self-evolutionary 
systems'. 

The Operation Subsystem which executes actions in the system. 

The Information Subsystem which has an informational representation of the ac- 
tions executed and the decisions taken in the system. The Information Subsystem 
handles the system memory. 

The Decision Subsystem which decides the actions to be executed depending on 
the prior system memory state. 

On the other hand, biology has developed two main models for the evolutionary proc- 
ess: 

1 . The natural selection model (Darwin) and mutation: only the best adapted muta- 
tions survive. 

2. The adaptive or environment pressure model (Lamarck): the individuals which 
can adapt in an environment incorporate these adaptations into the genetic mate- 
rial and transmit them to their descendants. 

Darwin’s model has been used as an analogy in genetic algorithms, but it is not use- 
ful in modelling software evolution process, because evolution is directed by the De- 
velopment System. However, although the Lamarkian model is nowadays not admit- 
ted for biological systems, it is a very interesting approach in considering the evolu- 
tion of software and allows an easy incorporation of the adaptations into the envi- 
ronment, . 
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We have incorporated Le Moigne’s Theory and the adaptive model in a method called 
MEDES, the main objective of which is to experiment on the evolution field. The 
most relevant characteristics of this experimental method are described in the next 
section. 

3 MEDES: A Model for Software Evolution 

The canonical structure proposed by Le Moigne for noself-evolutionary system allows 
us to have a basic structure for a software system, consisting of three main subsys- 
tems. In addition, software evolution can be defined by considering this structure: 

Definition 1- The evolution of a Software System is a transformation of its structure 
(action patterns, decision patterns and memorisation) over time. These transforma- 
tions will imply changes in the functionality of the system. 

Because software evolution is not a spontaneous process and is performed by the De- 
velopment System, we can offer a second definition which involves it: 

Definition 2 - The evolution of a Software System is a transformation of the structure 
(action patterns, decision patterns and memorisation) over time, produced by the De- 
velopment System. The evolution of the Software System is the main functional ca- 
pacity of the Development System. 

Because the Development System will evolve the Software System and it cannot 
evolve by itself, Lamark’s analogy allows us to conceive the Development System as 
the environment which will produce pressures on the software. This evolved software 
will keep the most interesting modifications executed by the Development System in 
its structure. 

A practical view of this perspective may be observed in Figure 2. The Development 
System will transform the Software System. In order to execute this task it must have 
a tool, that we call Metasystem, which helps in the process. The Metasystem works 
like a CASE tool that supports the evolutionary process. We can distinguish five 
forms of interaction depending on the importance of the Metasystem and the possi- 
bilities of inheriting (in biological sense) certain acquired characters by the System 
and the Metasystem [22]. 

1. Evolution of the Software System carried out by the Development System: it is 
the usual form of evolution in which the development team transforms the 
Software System helped by a tool. 

2. Evolution of the Metasystem carried out by the Development System: the De- 
velopment System evolves the Metasystem. 

3. Evolution of the System carried out by the Metasystem: the Metasystem could be 
provided with certain learning capabilities and could modify the System as a re- 
sult of changes in the environment of use for the software system. 

4. Inheritance of acquired Metacharacter: reuse of the most interesting Metasystem 
characteristics. 

5. Inheritance of acquired characters: reuse of the most interesting System charac- 
teristics. 
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Fig.2. Operational Approach to Software Evolution 



Obviously, the evolution definitions as well as the previous model of the evolutionary 
process are excessively abstract and to work with operational representations that can 
be implemented it is necessary, in general, to find representations of all three struc- 
tural elements in a system, which is the main objective, i.e.: 

1) The action Subsystem: the concept processor which carries out actions allows us 
to represent this subsystem. For establishing an understandable analogy, each one 
of our processors is similar to an active agent. 

2) The decision Subsystem: a distributed decision strategy linked to the processor 
actions in the form of pre -conditions, during -conditions and post -conditions is 
used. Decisions are expressed in temporal first order [8]. 

3) The memorisation Subsystem: it is constituted by a history of the action results 
which the processors execute. These results are called Events and the memory of 
Events is called System Functional History. 

A detailed description of the exact structure of these subsystems may be found in 
[16]. The most important result of this previous theoretical work derives from the 
possibility of representing and implementing Software Systems and the Metasystem 
using the same concepts, i.e., the system operation (functionality) and its evolution 
are homogeneous. In the following section we present the current state of the tool 
(HEDES) which implements these three subsystems and forms 1 and 2 of the afore- 
mentioned evolution. 

4 HEDES Architectural Design 

4.1 General Structure 

HEDES is, mainly, the tool which implements the concepts developed in MEDES. 
Hence, the different concepts are mapped into classes in a nearly univocal way. These 
classes will allow both the software system operation and its subsequent evolution. 
Figure 3 shows the class structure designed and further implemented in Smalltalk . 
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Fig.3. HEDES class structure 

For each one of the three subsystems considered in the previous section, we have de- 
signed several interrelated classes. We emphasise the Action Subsystem, because it 
constitutes the central part of the prototype . 

The kernel of the Action Subsystem is the HEDES Processor class which allows the 
structuring of the Systems, the Metasystem and the processors that formthem. The 
activity of these processors is regulated by the presence of a history (History Man- 
ager), belonging to the Memorisation Subsystem, and the possibility of executing ac- 
tions (Action) depending on the evaluation of preconditions (ConditionExp) and 
queies (QueryExp) over the history. This evaluation depends on the Decision Sub- 
system. The control of activation depends on an event manager (EventReceiver) 
which works linked to the history. This class plays a double role: it stores the events, 
as part of the Memorisation Subsystem, and activates the processors, as part of the 
Action Subsystem. In order to systematise the explanation, we comment on each one 
of these subsystems separately ending with a section devoted to the evolution of the 
systems. 

4.2 Memorisation Subsystem: History and History Manager 

The kernel of the System memory is constituted by the events that have been pro- 
duced inside it. These events (Event class), together with the instant in which they 
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were generated, are stored in the System memory (History class) by an events man- 
ager (EventReceiver). All these classes are co-ordinated by a manager of the history 
(History Manager). Figure 4 depicts the interactions between these components. 

At present the Events are forms with possible queries (QueryExp) associated to the 
fields. A more detailed description of history structure and the additional information 
about the events may be found in [2]. 




Fig. 4. History Manager activity 



4.3 Action Subsystem 

4.3.1 Structure of the System and Metasystem 

In HEDES, a System and a Metasystem are special types of processors which, are 
themselves made up by processors. Therefore, the classes that implement them are 
subclasses of HEDES Processor. A mechanism of aggregation is used to form the dif- 
ferent elements for a processor. 

A System is created by a Metasystem and implements a prototype of an application 
that is directly executable by the user. All systems are instances of the System class. 
The design of the Metasystem determines a specific form for creating systems. It pro- 
vides internal rules to determine the coherence and consistence of the systems devel- 
oped. These rules are invariants of the structure of a system and are formally de- 
scribed as preconditions for the processor actions of the Metasystem [19]. Each par- 
ticular Metasystem is an instance of the Metasystem class. Since a Metasystem has 
the same structure as a System, and it is a specialised system, it should be a subclass 
of the System. However, due to the fact that the Metasystem allows the systems to 
be created and evolved , the egg and the chicken problem arises. In order to solve this, 
we have taken the decision to implement the Metasystem before the System, creating 
it as a subclass of the HEDES Processor, and, fixing the invariants for its structure in- 
side it. 

In this version, only one of the component mechanisms, aggregation, has been im- 
plemented. The interaction between systems, through their interfaces, will be one of 
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the goals of the second version. With this version, the previous problem will also be 
solved by means of direct interaction between a Metasystem and its systems. 



4.3.2 The Mechanism for Controlling Activation 

When an action is carried out, a new event is generated and stored in the history by 
the Memorisation Subsystem. Each action includes references to other actions in its 
precondition. If the actions in a precondition were carried out, and new events were 
obtained, the precondition could hold and the action with that precondition would be 
activated. 

The activation control for the processors in a specific system is carried out by its 
EventReceiver, one of the components of the History Manager. It is responsible for 
informing the processors when a new event has been recorded in the history. Each 
processor could activate one or more of their actions. 

To put this functionality into practice, the EventReceiver needs to maintain specific 
information which relates the events, the processors and the actions of the processors. 
The actions that are part of each action precondition in each processor allow us to de- 
termine which processor may be activated when an event is recorded, giving it the 
name of the actions, which could potentially begin to be carried out. Therefore, the 
processors try to prove whether their actions can be carried out or not when a possi- 
bility of success exists, instead of attempting it continuously. 

Since the systems evolve, new processors can be created or deleted or they can mod- 
ify their behaviour by adding or dropping their actions. Also the action preconditions 
and the actions attributes can be updated. These modifications are reported to the 
EventReceiver dynamically in order to update its information about the system rela- 
tionships and to maintain the consistency with the changes carried out in it. 



4.3.3 Delegated Actions Versus Inherence 

Actions are carried out by processors and their execution results are events. A simi- 
larity relationship between a processor and an object could be established. The actions 
of a processor correspond to the object protocol, and, the events correspond to the 
methods. Following the same philosophy, a class of objects would be equivalent to a 
processor class. This will imply that all processors in the same class will have the 
same behaviour. 

But, previous studies [20], [21] show that the mechanisms of cloning and delegation, 
characteristics of object-oriented languages without classes, are able to simulate in- 
heritance and they are also more expressive and dynamic than the traditional mecha- 
nism for inheritance. 

Due to the fact that our main objective is the dynamic prototyping of the system rep- 
resented, the delegation mechanism is used instead of inheritance. This forces the 
delegation chains to change at runtime and, at the same time, the characteristics of the 
actions of a processor.In our case, this implies that the pre-, during-, and post- condi- 
tions, and the events associated to the execution of an action may be delegated by a 
processor to another processor. In order to provide this dynamicity for the activity of 
the processors it is only necessary that the Action class uses the delegation mecha- 
nism. 
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4.4 Decision Subsystem: Mechanism for Activating Actions 

Each action of a processor has an associated pre-condition (object of the Condition- 
Exp class). An action is only carried out if its precondition holds. The preconditions 
are evaluated over the actions that have been carried out previously, i.e., over the 
events stored in the history managed by the History Manager. Thus, when an action is 
going to be carried out by a processor, it sends a request to its History Manager which 
queries its history to evaluate the pre-condition and answers whether or not the action 
can be carried out. The responsible for evaluating the pre-condition is an object of the 
ConditionEvaluator class and it is a component of the History Manager. From a for- 
mula or expression which constitutes the condition to be evaluated, the ConditionE- 
valuator creates atomic formulas which are evaluated more easily over the history. 
The ConditionEvaluator combines the partial results of the atomic formula evaluation 
and gives the processor a true or false answer. 

It might be necessary to make a query on the possible values that the attributes of an 
action may have in order to carry it out. The user can give these values, or, otherwise, 
they can be obtained as the result of a query on the events of other actions stored in 
the history. The QueryEvaluator is responsible for evaluating these queries (objects 
from the QueryExp class), which itself is a component of the History Manager. An 
event will have some QueryExp linked, as much as one per attribute. The functioning 
of the QueryEvaluator is similar to the functioning of the ConditionEvaluator. 

4.5 Evolution: A Form of Functioning 

In our software model three aspects are considered: functioning, structure and evolu- 
tion. These three aspects interact and their relationships are established during the life 
of the software and while it is functioning. From the moment when changes are pro- 
duced in the structure of a software system, its functioning changes, i.e., it is evolv- 
ing. Changes of structure should be indicated in the same way in which the carrying 
out of an action is required without having to stop the functioning of the system. This 
homogeneity, shown in [ 1 9] allows the evolutionary transformations of a system to be 
executed in the same way as its functionality, i.e., using the elements implemented 
and described beforehand. In fact, the evolution is carried out by the Metasystem us- 
ing a special system history (System Structural History) in which the events stored are 
events of structural transformation. Its homogeneity with the Functional History al- 
lows the HistoryManager class to be used in order to manage both functioning ac- 
tions and evolutionary actions. The only difference between both histories is the ori- 
gin of the stimulus needed to carry out an action: the Metasystem in the evolution 
case, and the user in the case of normal system functioning. 
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Fig. 5. User interface of the HEDES tool 



5 Prototyping in Smalltalk (VisualWorks®^) 

HEDES implementation has been carried out in the object oriented environment 
VisualWorks 3.0. It is a visual programming environment fully implemented in 
Smalltalk. The choice of this language is based, besides the group’s experience with 
group programming on it, on reasons of a conceptual nature: 



It is a reflexive language implemented on itself in which, thereby, the manipula- 
tion of the classes and their modification at execution time are carried out in the 
same way as the manipulation of the instances of the classes. In fact, both classes 
and metaclasses are objects. Due to the requirements of homogeneity for the 
structure and functioning, the HEDES tool has to be created with a language, 
which provides instructions to carry out the typical functions of an application, 
and to change the structure of the application itself and the programming envi- 
ronment at execution time. Therefore, reflexive programming languages are nec- 
essary to do this. 

It has an object-oriented visual environment with a client-server architecture. Its 
interaction model is MVC {Model-View-Controller) and it is well implemented 
and defined. It also has well-defined interfaces with relational and object-oriented 
databases. 

Due to its flexibility, the mechanism of delegation, much more dynamic than the 
inherence, has been implemented in it. 

It provides tools for constructing compilers which have facilitated the imple- 
mentation of the temporal logic evaluator. 



^ VisualWorks 3.0 is a trademark of ObjectShare, Inc. 
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Other more object-oriented languages have been evaluated (Eiffel, C++ and Java) and 
discarded, at least in this phase of the project, basically because they do not allow full 
management of classes as objects. 

The implementation details of the prototype are not especially relevant because the 
architectural design has been translated into the language without difficulty. Figure 5 
shows a detail of the user interface of the HEDES tool. The provision of new forms of 
Metasystem and the user interfaces designer (Canvas) used to design the events stand 
out in this figure. 

One important element is the implementation of the cloning and delegation mecha- 
nism in this language. Smalltalk is a language with simple inheritance, but, the acces- 
sibility of the mechanism for messages, allows its modification and the addition of the 
possibility of execution of delegated methods [20]. From the different delegation 
mechanisms available [7] we have chosen the delegation by object in which an object 
delegates, by defect, all its messages to another object. This mechanism allows the 
mechanism of delegation by message to be emulated. The characteristics that allow 
the resolution of the delegated methods are implemented in the Delegation class, from 
which the Action class inherits. 



6 An Evolutionary Life Cycle for an Evolutionary Tool 



The tool, as it has been developed, supports the evolution form 1 considered in Sec- 
tion 3. Our activity as a development team corresponds to the evolution form 2, i.e., 
the evolution of the Metasystem. Our work consists of the elaboration of versions of 
the Metasystem with progressive functionality. The design and implementation of a 
tool are not easy when the implementation details are not known beforehand, and, 
when the work is executed by a group of people in which each person needs the de- 
velopment works from the others. We decided, due to this co-ordination difficulty, to 
establish an evolutionary life cycle to carry out the development work in an incre- 
mental form, with the necessities being negotiated amongst the members of the team. 
Periodic meetings, and the sending of e-mails in the event of emergencies, are used 
for negotiating. The schema of the work followed is a modification of the classical 
approach in version controls on object orientation [3]: 




Fig. 6. Schema of work 
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In order to co-ordinate the development work, HEDES was divided into clusters [13], 
The tool used to manage the configuration is SourceSafe^ which allows us to control 
the software and the documentation generated. As usual in this kind of tools, two di- 
mensions are considered: 

HEDES components: the storage and access control of the components of the 
work team are controlled. In the Smalltalk language, our case, each cluster corre- 
sponds with a category of classes and there is only one person responsible for 
each cluster. 

Versions of a cluster: each person can obtain new versions of its clusters and can 
control their changes. 

Each group member has reading access to the clusters of the other members. There- 
fore, the work carried out by others can be observed and local copies from it can be 
made. Copies allow the execution and test of the own classes which need methods 
implemented in different clusters. Each test of the prototype implies a revision from 
which a new version is obtained (evolutionary prototyping). Sometimes, the revision 
of a cluster determines that the clusters with which it is related also have to be re- 
vised. The person responsible for a cluster is the only person who can change it, and 
sometimes, as in the previous case, because a third person required it. 

There is a version of the work in which the clusters already tested and accepted are 
introduced, which means that the prototype always has an acceptable consistence. 
Obviously, the management of this consistence is the responsibility of a team mem- 
ber. 

7 Related Works 

In the evolution software field, the closest works are those carried out by the authors 
who work on object orientation. Gibbs [9] interpret software evolution as the changes 
carried out in the class definitions. In Casais [5] the evolution of a class structure is 
considered, taking into account the operations to modify that structure, the restrictions 
for the modifications, and, the effects of these modifications in the class structure and 
in the existent instances of these classes. In the work developed by Lieberherr [12] in 
the context of the DEMETER project, the notion of an adaptive program is intro- 
duced, providing an instantiable propagation pattern for different structurations of 
classes. It uses heterogeneous graphs for the representation of the structure of class 
relationships, in which, the nodes are the different kinds of classes and the arcs are the 
different kinds of relations between them. The program adaptability to the structure 
comes from the instantiation of the propagation directives over the structure, which, 
are finally translated in running time on the structure of the graph. 

In the context of the MENHIR project , there are aspects of MEDES, that also exist 
in other methods such as OASIS [4] and TESORO [23]. OASIS, in an non-explicit 
form, it incorporates the action and decision subsystem... Evolutionary aspects are 
now being considered, adding the Metaclass concept [18]. TESORO has an object 
model with events which describe their behaviour using transition rules for the 
changes of state. The objects work in a concurrent way and interact between one an- 
other. One of its more interesting elements is the use of restrictions on the objects, 
which specify the state of the objects, their behaviour depending on the state 



^ SourceSafe is a registered trademark of Microsoft, Inc. 
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However none of these authors or methods adopt a global model for evolution which 
allows us to consider the evolution in the software production process, therefore, they 
do not explicitly identify the subsystems that have been considered in this work. Be- 
sides, none of them take into account the evolutionary possibility of the tools for pro- 
ducing software (our Metasystem). 

8 Conclusions and Future Work 

The design and implementation of a first prototype of a CASE tool to develop evolu- 
tionary software systems have been presented. This first approximation includes fun- 
damental concepts of the General System Theory of Le Moigne and an analogy to the 
Lamarkian model of evolution. Our main objective with this prototype was to show 
the utility of this tool. Some important conclusions may be taken from this work: 

- System Theory provides a good support in the development of this kind of 
tool. We show that the concepts are used not only at a theoretical level, but also as 
practical support in the architecture and design of the tool. 

-The notions of adaptation and inheritance, especially from a Lamarkian 
point of view, are very fruitful in modeling evolution [22] 

The lessons learnt in constructing this tool, which supports the evolution of Software 
Systems, are being used in supporting its OWN evolution. In this sense, we are ob- 
serving that sound System Theory concepts provide us the migration to the next ver- 
sions of the tool with minimum development effort. In the near future, our work will 
be centred on a progressive refinement of the prototype with the aim of achieving a 
tool that may be useful for carrying out the prototyping of information systems. The 
main improvements are: 

1 . Action Subsystem: 

The control of activation will be improved, by eliminating more information 
on the preconditions for the actions of the processors. 

The possibility of designing events will be amplified. 

Direct communication between processors by means of their interface will 
be added. 

The structure for the Metasystem will be redesigned. 

2. Decision Subsystem: 

Improvements in the conditions and queries associated with the events will 
be included. 

The evaluation of the conditions will be optimised. 

3. Memorisation subsystem: 

Mechanism to delete and optimise the memory will be added. 

4. Evolution: 

The inclusion of the kinds of evolution not considered till now ( 3, 4 and 5 
from Figure 2) will be studied. 

5. Optimisation: 

The possibility of defining transformations from the history to state variables 
will be considered. 
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Abstract. Data distribution is a crucial problem affecting the cost and efficient 
use of these systems. The problem is further exacerbated by the lack of methods 
and support tools for the design of distributed databases. This paper outlines 
some of the main techniques currently used for data distribution, such as vertical 
partitioning and replication. Two vertical fragmentation methods are described, 
the classic NAVATHE method and the newer FURD method, as well as the two 
proposed in this paper, the FURD-FDEZ and the FURD WITH REPLICATION 
methods. 



1 Introduction 

Up to the present date, most information systems have been located in centralised 
systems. Now, however, communication networks and particularly Internet offer new 
alternatives which allow us to obtain the data wherever it is handled. 

Data distribution is a crucial problem affecting the cost and efficient use of these 
systems. The problem is further exacerbated by the lack of methods and support tools 
for the design of distributed databases. 

This paper outlines some of the main techniques currently used for data 
distribution, such as vertical partitioning and replication. Two vertical fragmentation 
methods are described, the classic NAVATHE method and the newer FURD method, 
as well as the two proposed in this paper, the FURD-FDEZ and the FURD WITH 
REPLICATION methods. 

Vertical fragmentation is not only of interest within the context of distributed 
databases, but also in the field of centralised databases. In the latter case, the main aim 
is to detect the most active queries in order to allocate the relevant data in faster 
memory subsystems, thus reducing the number of page accesses. 

It is worth pointing out that the vertical fragmentation of a relation R produces new 
relations, Rl, R2,...Rn, which contain a subset of the attributes of R amongst which 
the primary key must be found. The main objective of this operation is to divide the 
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relation into a set of smaller relations so that most user applications execute processes 
which affect attributes of only one of these fragments. 



2 Navathe Method [5] 

The aim of the first method studied, the Navathe partitioning method, is to regroup the 
columns of a table in the sites where they are most frequently requested in order to 
minimise the number of joining operations. The following stages are required for 
fragmentation using the Navathe method: 

Define the Attribute Usage Matrix. 

Build the Attribute Affinity Matrix (clustering algorithm). 

Divide the Attribute Affinity Matrix (partitioning algorithm). 

The first stage involves the identification of the processes to be executed in the 
distributed database. With these, a two dimensional matrix is built for each of the 
tables at the database, in which the attributes of the table are arranged horizontally to 
the matrix and the processes which have access to this table are arranged vertically. 
This matrix will contain a 1 if the attribute is requested by the query and a zero if not. 
Once the Attribute Usage Matrix has been defined, the frequency accesses must be 
assigned, that is, the number of times each process is requested from each site. 

In the second stage, the Attribute Affinity Matrix is built. This matrix shows the set 
of attributes which are most likely to be requested at the same time. It is obtained 
using expression 1 : 

aff (4 . 4 ) = Svs, ''4'; ) (1) 

where, ref,(qj is the number of accesses to attributes (Aj,Aj) for each execution of 
application q,^ at site S, and acc,(q^) is the application access frecuency sites. 

Then, taking as input the initial Attribute Affinity Matrix, and permuting rows and 
columns, the Clustered Affinity Matrix is obtained, using the Bond Energy Algorithm. 
This permutation is carried out in such a way that the overall Affinity Measurement 
(AM) is maximised, through expression 2: 

n n (2) 

= X X ^■4(4 , 4 (4 . 4-1 ) + «#(4 ’ 4+1 )] where, 

/=! y=l 

4 ) = «#(4 ’ 4 ) = «# (4+1 ’ 4 ) = (4 > 4+i ) = o 

Next, in order to group those attributes whose affinity is maximum, the contribution 
defined by expression 3 is used : 
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cont(Ai ,Aj,Af.) = Ibond (A- ,A/:) + Ibond (A/^ ,^j)~ '2-bond (A- , Aj ) where, (3) 

bond (4 ,A^) = '^aff{A^,A^)aff{A^,A^) 

Z=1 

As the cluster matrix obtained can have more than two fragments, it is necessary to 
resort to a recursive algorithm which finds the sets of attributes which are accessed 
solely, or mainly, by various sets of processes. This makes up the third and final stage 
of the Navathe method. 



3 Furd Method [6] 

The FURD (Fragmentacion, Ubicacion y Reubicacion de Datos) is a method based on 
the minimisation of a single objective function which enables the attributes of 
relations to be allocated and/or reallocated in the nodes of the network, thus reducing 
communication costs. That is, it not only takes into account the frequency of access 
but also the means of communication linking the sites. In contrast with the traditional 
Navathe approach which consists of two stages, fragmentation and allocation, this 
method performs the two operations at the same time. 

The objective function is a form of cost assessment and consists of two terms: 

1 . In the first term, the communication costs generated by the transmission of the 
data required to satisfy the queries from each of the nodes are modeled. 

2. In the second term, the communication costs generated by the migration of data 
from one node to another in a change of design are modeled. 

min z = 

k j m t m j k 

where, 

f^j = frequency of accesses of query k from node j. 

= parameter indicating with 1 if query k uses attribute m, and with 0 otherwise. 

1^_^ = number of communication packages required to transport the attribute m 

required for the query k = p_^syPA ’ 

where, p„ is the size in bytes of attribute m; 
s^ is the selectivity of the query and 

PA is the size in bytes of the communication packages; 

Cj, = cost of communication between node j and node t 

x„ = decision variable equal to 1 if the attribute m is stored in node t and 0 
otherwise. 

a^j = parameter which indicates with 1 if the attribute m is currently stored in 
node j. 



' and PA take the unit value in order to compare them with Navathe method. 
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d„ = number of communication packages needed to change the allocation of 
attribute m to another node. 

In this algorithm the primary key of the relation to be fragmented is not considered. 
This will be added in each fragment when the process is finished in order to maintain 
integrity and to make possible the reconstruction. Replicated attributes will not be 
considered either, which means that each of the attributes of the relation is stored in a 
single node, so that the following is fulfilled: 

t 

Moreover, each attribute must be stored in a node which executes at least one query 
which requests it, so that 

( 6 ) 

k 

where, is equals 1 if > 0, 6 0 if 4 =0 

In J. Perez et all. (6) a comparative analysis is made of results of the Navathe and 
FURD methods under certain conditions, their conclusion being that both methods 
offer identical fragmentation schemas. It is also observed that the FURD method 
simplifies the calculation and performs the fragmentation and the location at the same 
time. 

The FURD method also offers the possibility of evaluating the cost of the migration 
of fragments from site to site in order to adapt to the changes in the transaction 
patterns of the above design. Since it is considered that a change in the system design 
must be a decision of the system administrator, only the first term has been considered 
here. 



4 Furd-Fernandez Method 

In the case of vertical partitioning to distribute the columns of a table in different sites, 
each fragment must include the primary key of the original table. Since neither the 
Navathe nor the FURD method contemplate the influence of the size of the index on 
the fragmantation, the FURZ-FDEZ method is now proposed, providing an algorithm 
which takes into account this situation. This method is based on the FURD method 
and makes use of the same initial data. 

Why evaluate the index cost?. The index is made up of one or more attributes and 
as such, has an influence on the communication cost since it is composed of a number 
of bytes and, as with any attribute, it depends on the network costs, on the frequencies 
of the queries to each field and on the union with other fields of the same process. 

Algorithm: 

The method aims to offer an improvement on the FURD method. The process is the 
same, but, over the cost of each field in each combination of sites obtained with 
FURD, this method adds the calculated index cost, bearing in mind that if there is 
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another field situated at the same site, the index cost to be added will be half, and if 
there is a third, a third and so on successively. 

In order to avoid a dependence on the order of selection of the fields in the process, a 
combination of sites is chosen and the alllocation of each one is varied field by field in 
each site, and if the cost obtained is low, the rest of the assigned fields are again varied. 

Inclusion of the Index Cost 

For the calculation of the index cost, the attributes of each query and their 
frequency are taken into account. 

On initiating the calculation, there are no clusters with other fields (these are just 
beginning) and, thus, the first result will be as if the first field were the only one in a 
specific fragment. In this case, the additional cost of the index is evaluated according 
to: 



ACUA = Additional_cost_unique_attribute = cx * ( ti / tx ) 



( 7 ) 



where, 

c^ = FURD cost of field x 
t = index size 
t^ = size of field x 

Next, the following steps must be taken for each field at each site: 

1. Calculate the added cost if the field were the only one in the fragment, using 
expression 7. 

2. Calculate the importance, I, in so many to one, of each attribute in each site 
using the query/attribute table, according to expression 8: 

I = pa! pt 

where pa is the FURD cost, for a specific node and query, that is: 

pa = Y,fkiCi^ 



and pt is the cost in the rest of the sites: 



( 10 ) 



k w 



3. Calculate the number of coincidences between the query/attribute table and 
the allocations table obtained up to the present moment. 

4. Obtain the additional cost of the index using expression (11): 



Additional_index_cost = ACUA * ( 



I 



sum of coincidences 



) 



( 11 ) 



The cost matrix obtained after carrying out this process will offer the vertical frag- 
mentation schema, taking into account the index. 
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5 Metodo Furd With Replication 

The methods outlined above, the Navathe, FURD and FURD-FDEZ methods, are 
based on the vertical fragmentation and the allocation of each attribute in a single site 
- that in which the cost in resources is lowest. This section analyses ways of 
optimising the cost by allocating each attribute to one, to several or to all of the sites 
competing for the attributes. 





1 




2 [ 








1 




5 






Fig. 1. A replicated enviroment 



For this new method, it is taken into account that: 

1 . Every time a field has to be updated, this must be performed in all existing 
copies of the field. 

2. If the queries are reading queries, they will be brought from the site which has 
the copy requiring the lowest cost, unless it is found in the site where the query is 
made. 

The parameter remote writing accesses (A) is defined, indicating the value , in so 
many to one, of the updating processes. If the parameter tends towards zero (most of 
the queries are reading queries) there will be a tendency towards full replication, while 
if it tends towards one (most of the processes are writing processes) there will tend to 
be one attribute in each site. 

At the same time, the matrix M is defined, that is a squared matrix of a range equal 
to the number of sites, such that; Mii is the cost an attribute has when it is at site i and 
due only to its own trajectory, and Mij is the cost an attribute has after being brought 
from site j to node i. 

The value of Mij is found using the following expression for each attribute m of the 
table: 

k 



where: 

f^j = frequency of access of query k from node j. 

= parameter indicating with 1 if query k uses attribute m, and with 0 other- 
wise. 
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= number of communication packages required to transport the attribute m 
required by query k = p^s/PA 
where, 

p„ is the size in bytes of attribute m; 

s^ is the selectivity of the query and; 

PA is the size in bytes of the communication packages; 

c,= is the cost of communication between node j and node i 

The algorithm consists of the following steps which are to be carried out with each 
of the attributes of the table: 

1. A function is created which obtains all the possible combinations of the attrib- 
utes in the sites (if there are four sites, the function would go from combination 
0001 to nil). 

2. The costs for each field are found in each of the combinations (sites(i)), so that: 

Total_cost = X cos t i 

2.1. If the node i to be analysed has the field which is to be evaluated, then 
the cost is obtained using expression 13: 

Cost i = Mii + [A * I(m. ) ] (13) 

2.2. If the field to be evaluated is not found in the node under analysis, 
then the cost is obtained using expression 14: 

Costi = (Mj (14) 

where function P is a function which obtains the possible elements (Mij, selects the 
lowest and multiplies the rest by remote_writing_accesses. If there are no elements, its 
value is zero). The value of j is that of the nodes which the copy has. 

3. The cost is checked. If it is the lowest, the combination is kept, and we return to 
point 1. 

When the algorithm is finished, the schema of the fragmentation with replication of 
the attributes which form the relation will be obtianed. 



6 DDB Design Simulation Tool 

An application has been developed in Visual Basic for the use of these two variants of 
the FURD method and itself. The application takes as input data the information on 
the structure of the table to be partitioned, system costs and frequency of queries in 
order to facilitate the distribution of its columns, according to the chosen algorithm, 
with the minimum cost. 
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Fig. 2. . Initial conditions data 



Figure 2 below shows the data input screens. With the calculate option, the various 
methods are accessed and the results are shown as in Figure 3 and 4. This tool is avail- 
able in Spanish. 
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Fig. 3. Furd vs Furd-Fdez with index size of 6 




Fig. 4. Furd with replication with 15 % of written access 
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7 Conclusions 

The aim of this paper is to contribute towards improving distributed database design 
and, in particular, the study of the vertical fragmentation of relations and the replica- 
tion of columns. 

An analysis of the two existing methods, the Navathe and the FURD methods, has 
been made. Two improvements on the above are proposed: the FURZ-FDEZ method 
which incorporates the incidence of the index cost of the fragmentation and the FURD 
method with Replication which offers, depending on the percentage of accesses with 
updating, the replication schema with the lowest cost. 

Finally, an application has been developed in Visual Basic for the use of these two 
variants of the FURD method. 
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Abstract. The article is about the management of an important part of 
the development process of a software system: the phase of incremental 
implementation. Implementation is based on the design of the system ar- 
chitecture and its components, its main task is the production of modules 
and their integration. 

Project management has to plan and control the flow of project ac- 
tivities. Besides logical dependencies between them it has to take into 
consideration particularly the aspects of time and availability of quali- 
fied resources. In addition, each calculated plan depends upon several 
restricting constraints, which are influenced by real time decisions of the 
environmental system. 

Therefore a model of such a supporting management system is dynamic 
and non deterministic in its nature, it needs the ability of adapting itsself 
due to external decisions. 



1 Introduction 

Traditionally, software development is described by different process oriented 
models, i.e. classic sequential software-life-cycle-model, waterfall-model, spiral- 
model, prototyping-model, object-oriented-model and mixture forms. They are 
characterized by using repeating phases, which build the so-called software life 
cycle. Unavoidable tasks in this area of professional software production are 
analysis, design and implementation [2]. Based on the design of component and 
logical architecture of the software system, the following chapters focus on the 
phase of incremental implementation, i.e. the realization of parts of programming 
code and their integration. 

First, the result of the design process is a set of interrelated functions working 
together with one common objective, which build the logical description of the 
software system. The description methods range from simple unstructured docu- 
ments until complete repositories, which often enable automatic code generation 
too. Secondly, a decomposition of the problem into physical parts, so-called com- 
ponents, is a necessary step. Using the bottom-up method the implementation 
phase starts with the production of programming code of elementary predesi- 
gned modules, followed by their integration into more comprehensive modules, 
etc. It is very important to carry out a review of the complete design of the 
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software system after the completion of each single software module; in that way 
the tasks of design and implementation influence other (incremental design and 
implementation). Nowadays, the items analysis and design are substituted by 
the term modelling. A modern but already well known graphic oriented descrip- 
tion language, which supports this kind of modelling and which is independent 
of specific process models, is UML (Unified Modelling Language) [4]. 

Modelling software development, several specific difficulties have to be ta- 
ken into consideration. Most involved processes are creative in their nature and 
executed by human resources. With regard to the need of integration of per- 
manent modifications, performed while the real software project is running, the 
underlying project structure has to be dynamic, or the entire system is non 
deterministic)?]. Besides, from the viewpoint of the project manager a software 
development project is represented by a set of manageable units called project 
activities and a set of human resources called resource pool. The main target of 
every managing instance, i.e. every project management system (PMS), is the 
support of planning and controlling the project flow. Nowadays time-to-market 
is the primary goal concerning software production[3] [12]. Planning is not only 
restricted to correspond with the logical project flow, but also has to assign 
optimal resources in such a way that the overall project time gets minimized 
with addional constraints concerning budget [5]. Control has to ensure the ag- 
reement of the real project with the current project plan. If deviations occur, 
several external decisions have to be made and, based on them, a new planning 
is necessary, followed by the integration of the new created plan into the run- 
ning system [9]. To be successful in this respect the underlying model has to be 
’’decision based” and ’’adaptive” (see topic of the article). 



1.1 System Levels 

Fig.l is depicting the different levels of the involved systems and the central 
role of the so-called project plan: The DMS (Decision Making System) belongs 
to a higher level than the PMS (Project Management System) and RPS (Real 
Project System), the object ’’project plan” figures as synchronizing object for all 
systems. Vertices describe communication channels between the systems, where 
channel 1 stands for monitor information of current activities generated by the 
PMS and channel 2 is for reports coming from the RPS. It is the responsibility of 
the project manager (DMS) to observe deviations between planned and current 
project flow and to make decisions. These decisions are brought via updating 
interface into the running PMS, which is symbolized by channel 3. 

Therefore the typical tasks of all systems can be summarized as followed: 

— PMS: Import of modifications, export of informations concerning running 
activities, calculation of optimal project plans 

— RPS: Execution of all planned activities, generation of reports 

— DMS: Comparison of PMS informations and RPS reports, generation of 
structured decisions (in the case of deviations) 
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Fig. 1. Systems Commnnication 



1.2 Decision Based Synchronization 

Systems are synchronous if they work like described in the current project plan. 
Disturbances can be 

— time deviations of project activities 

— changes within the resource pool (see 2.1) 

— changes in decomposition graph (see 2.1) 

— not accomplished quality criteria 

It is the most challenging task for the members of the DMS (i.e. project 
manager, quality manager, etc.) to observe the current project flow permanently 
and to discover differences between reality and project plan as fast as possible. 
In the case of a noticed deviation, a decision which intervention type should 
be used for correction is immediately necessary. Dependent on the above listed 
items we can distinguish between 

— simple intervention (correction of remaining activity time, modification of 
resource status) and 

— aggregate intervention (modification of system granularity, realization of re- 
peating loops). 

Figure 2 illustrates the roles of the different involved systems and their pro- 
ject plan from the beginning of a project. All kinds of interventions need an 
input at time tfix using the update interface of the PMS monitor (IRQ-1). The 
asynchronous phase up to that point is called reaction time interval T^eact and 
can only be influenced by the decision system. At any time, therefore also at tfix, 
the PMS is able to calculate the remaining time interval Tpian until the next re- 
levant change of system state takes place (must be a start or a termination of a 
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Fig. 2. Systems Synchronization 



project activity). This time interval is available to start the planning subsystem 
at time tfix for the purpose of replanning (creation of a new optimized project 
plan of all not yet successful terminated project activities). It is clear that the 
efficiency of the optimization (quality of new plan) depends on 

— the length of the available time interval, 

— the complexity of the remaining project structure (activities and resources), 

— the effectivity of the planning subsystem. 

Nevertheless, in any case new specific project plans are created and the best 
one gets integrated at time tfix + Tp;a„ (IRQ-2). This new project plan object 
implies that all other systems (DMS, RPS) have to adapt their organizations. 
The sum of both time intervals (reaction time Tr-eact + planning time Tpian) 
defines the asynchronous phase of the involved systems (like exhibited in fig. 2). 
Together with the documentation of the intervention decisions the currently 
adapted project plan is a perfect detailed description of the project history. 
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2 Project Management System 

2.1 Basic Notions 

To describe the logical dependencies of a software system a project structure is 
represented by a directed non circular graph with so-called project subtasks as 
nodes, where each subtask is a comprehensive container of an arbitrary sequence 
of project activities. Activities are the elementary building units of our model 
and characterized by the assignability of an unique type of human skill, by an 
externally generated time and a (optional) boundary concerning costs. Mapping 
the software design into a work breakdown structure, one has to observe that 
at one extreme a project activity can be started only in the case of successful 
termination of its predecessor activity (concerning the same subtask), and at 
the other that the first activity of a new subtask will only be able to begin if all 
predecessor subtasks of the graph are finished successfully [8]. 

Resources are restricted to human resources because this type is the most 
important in software development projects. Each resource of an existing re- 
source pool is characterized by a discrete set of resource steps to enable the 
specification of variable costs and skills of each person. An amount belongs to 
each step of a person to specify the costs per hour, and addional values (so- 
called capacities) to define the personnel skills for performing the designated 
project activities. Furthermore, a database for storage of relationships concer- 
ning cooperation between all human resources is defined, which is necessary to 
build optimal resource groups for each single project activity [8]. With respect 
to observed deviations between the planned project flow and its realization and 
due to modification decisions of the project manager, the database gets updated 
automatically. 



2.2 Formalism of Base Model 

To be successful in building a model of a project management system, which 
also represents the dynamic behavior, some further common basic requirements 
have to be accomplished: 

— integration of time 

— ability for simulation 

In our case the Discrete Event System Specification (DEVS) formalism is 
used to describe each project subtask and each human resource[13]. 



DEVSm = {X^, S^, r™, CS Am, T^),m€M 
DEV Sr = {Xr, Sr, W, K, Tr),rGR 



where M is the set of project-subtasks and R the set of human resources. X 
is a set, the names of external event types, S the set of the specific sequential 
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Fig. 3. DEVS Network 



states, V the output set, the internal transition function, the exter- 
nal transition function, A the specific output function and t the so-called time 
advance function [8]. 

Direct communication between all these atomic DEVS systems (subtask 
DEVS: DEVSm, resource DEVS: DEV Sr) is not possible, it gets managed by 
an addional supervising DEVS system, called decision DEVS: DEV Sq, which 
has to plan, to schedule and also to master all activities. 



DEVSq = (Xo, 50, Eo, <5§"‘, Ao, tq, {Eq,. \i&M\JR}) 

Zq i : Sq — y i € XI U R 

Zoy describes the 0-to-i output translation and is called selector. 

With respect to the recently defined logical dependencies, all above mentio- 
ned DEVS systems (DEVS components) are linked to a DEVS net, called project 
DEVS, which is another very complex DEVS system[13]. The result of coupling 
DEVS components is 

DEVSn = {Xn, Sn,Yn, Xn, tn) 

where, for instance, Sn = xSi,ieM U i? U {0} (for a detailed description 
see [10]). Based on that formalism, the following example illustrates the typical 
usage of the DEVS net (see fig. 3): 

A certain activity is ready to start and sends a specific request (subtask 
message: Am = eo) to the decision system, which has to find an optimal group 
of resources, by proving the dynamic states of all resources of the pool (selector 
output: Zg r = Cr, resource message: A^ = Cq). If no qualified resources are 
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available, a so-called passive waiting time has to be realized, if not, two other 
subcases are possible. First, if at least one member of the assigned optimal group 
is still busy for another project activity, a so-called active waiting time can be 
calculated and realized. Secondly, if all group members are in state free, the 
requesting activity can be started immediately (selector output: = Cm)- 



2.3 Subsystems 

The entire Project Management System (PMS) can be broken down into two 
subsystems, both using the same base formalism (DEVS network DEVSn)' 
the off-line runable Planning Subsystem (see fig. 2, fig. 4, fig. 5) and the real time 
Control Subsystem (see fig. 2, fig. 5). 




Fig. 4. Optimization 



It is the primary target of the planning system to produce project plans 
whenever needed and as efficient as possible. In order to be successful (and with 
respect to the objective function, which is multiobjective and nonanalytical), 
the method of simulation has to be used in general; particularly evolutionary 
computation based methods (i.e. genetic algorithms [1]) for local optimization 
and numeric non gradient methods for global optimization get used (see also 
fig. 4). The control system has to carry out four important tasks (fig. 5): 
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— emulation of the project flow 

— display of relevant real time informations 

~ integration of external (DMS generated) interventions 

— supervising of the entire PMS 

Based on the current project plan and the specific DEVSn, the DEVS for- 
malism is also used to realize the real time emulation mechanism (Event Base 
Coordination DEVS), which enable the so-called monitor display of project flow 
informations (EBC messages, see fig. 5). For a more detailed explanation see[9]. 




Fig. 5. PMS 



Two types of real time information are shown in table 1 (concerning sub- 
tasks) and table 2 (concerning resources). Line 1 and line 2 of table 1 describe 
project activities in passive waiting states (no qualified resources available), line 
3 and 5 are examples for busy subtasks (characterized by an explicit resource set 
and a calculated execution time interval) and line 4 stands for an activity in an 
active waiting state (resource set and calculated waiting time available). From 
the viewpoint of the project management line 3 and line 5 are implicit definiti- 
ons of so-called milestones^]. Whenever necessary, remaining time informations, 
corresponding to the actual time, can be obtained from column 8 of table 1. It is 
clear that this kind of information can be generated only for subtasks in states 
like presented in lines 3,4,5. 

Lines 1,4, 5, 6 of table 2 are self illustrating, line 2 and line 3 need some 
additional explanation. Line 2 means that resource 2 is actually busy for activity 
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Table 1. Snbtask Information 



Subtask 

Number 


Node 

Number 


Activity 

Number 


Subtask 

State 


Resource 

Set 


Time 

Execute 


Time 

Wait 


Time 

Remain 


4 


5 


3 


ready 


- 


- 


- 


- 


3 


4 


1 


ready 


- 


- 


- 


- 


5 


6 


2 


busy 


1,2 


3.4 


- 


- 


7 


10 


1 


ready 


2,3 


- 


2.1 


- 


6 


9 


2 


busy 


4 


6.3 


- 


- 



2 of subtask 5 but already reserved for subtask 7, line 3 describes a prereservation 
of resource 3 for subtask 7 (therefore resource 3 is not available for other project 
activities). 



Table 2. Resource Information 



Resource 

Number 


Resource 
State- 1 


Subtask 

Number 


Activity 

Number 


Resource 

State-2 


Subtask 

Number 


Activity 

Number 


1 


busy 


5 


2 


- 


- 


- 


2 


res 


7 


1 


busy 


5 


2 


3 


res 


7 


1 


free 


- 


- 


4 


busy 


6 


2 


- 


- 


- 


5 


free 


- 


- 


- 


- 


- 


6 


zero 


- 


- 


- 


- 


- 



Besides, the monitor window, based on table 1 and 2 is used to realize an 
input (update) interface for simple interventions by the DMS. Permissible mo- 
difications are for instance: 

~ increasing of the remaining time of a busy activity (lines 3,5 - column 8 - 
table 1) 

— decreasing of the remaining time of a busy activity (lines 3,5 - column 8 - 
table 1) 

— state transition of a resource from zero to free (line 6 - column 2 - table 2) 

— state transition of a resource to zero, independent of the current state (lines 
1,2, 3,4, 5 - column 2 - table 2) 

If a resource group is involved, time modification automatically leads to cor- 
rections within the cooperation database (see 2.1). It is an essential feature of 
the control subsystem to establish a link to the remaining times of all other 
busy activities if you select the second modification (i.e. decreasing of a remai- 
ning time). It is clear that each correction of such a remaining time must be a 
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positive number, and that the duration Tpi^n can be defined as minimum of all 
calculated remaining time intervals (lines 3,4,5 of table 1). 

On the one hand, the input of time t fix marks up the start of the replanning 
phase of the PMS (duration Tpian), but on the other hand it is the beginning 
of the so-called integration phase of the control subsystem (see fig. 5). First, an 
immediate storage of the entire running emulation state into a structure named 
status{t fix) is performed (the emulation keeps running obviously). Secondly, a 
new system state - statusnew{t fix + Tpian), which depends on the future time 
tfix + Tpian and all forced modifications, has to be calculated and stored. Fi- 
nally, a transmission of the stored and already modified structure takes place; 
the remaining project flow has to be replanned under the new circumstances by 
the planning subsystem. Because both subsystems (planning system and con- 
trol system) are built on the same base model, each stored system state of the 
emulator is usable to initialize a (new) planning session. Transmission, start and 
termination of the planning subsystem are managed by the supervising instance 
of the control subsystem (IRQs of fig. 2, fig. 5). At time tfix + Tpian the hitherto 
best project plan (called optimal plan) has to be taken over into the original 
running emulation system substituting the old project plan object. All involved 
systems are now synchronized based on DMS decisions; the underlying model is 
adapted. 



3 Conclusion 

From the system point of view, each model of a software development process, 
but rather the task of managing it, is a living system or complex adaptive system 
(CAS) [6]. Adaption of our system (PMS) is implied by interrupts of a decision 
making environmental system (DMS). Our PMS provides an interactive interface 
to support such intervenient decisions: 

— permanent display of relevant real time informations 

— transparent input of structured modifications 

It is the main responsibility of the DMS to determine time and type of inter- 
ventions (availability of resources, degree of accomplishment of quality criteria 
and milestones are crucial aspects). Automation of these tasks in addition will 
lead to a more comprehensive model or higher level system: a self adapting model 
for managing software development projects. 

Apart from a few exceptions, which do not restrict generality, the presented 
theoretical concept is already implemented as a prototype (the very complex 
user interface for aggregate interventions is not realized yet, see 1.2). To satisfy 
all kinds of requirements (i.e. support of bit operations in genetic algorithms, 
modern graphical user interface), the application framework MS-VisualC-|— I- is 
used[ll]. Because multitasking is an unavoidable precondition for our PMS, the 
operating system MS-WindowsNT was taken as a basis. 
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Abstract. As we try to fulfill the requirements upon quality of the software 
products we cannot avoid the use of the complexity metrics. There is a lot of 
different metrics and also there are hundreds of tools for analyzing the software 
with some of those metrics. However, since all tools available are concentrated 
only on some specific programming metrics, for a comprehensive analysis one 
has to use a lot of different tools. We wanted to derive an environment that 
would include all of the mostly used metrics, and since we are also developing 
new metrics ourselves, we developed a tool called Software Complexity 
Analyzer, that beside classical metrics incorporates also more universal fractal 
metrics. 



1 Introduction: Fractal Complexity Measure 

Software complexity is aimed to objectively associate a number with a program, based 
on the degree of presence or absence of certain characteristics of software. It is 
assumed that software complexity is related with such features of software like 
number of errors left in the software, effort to design, test or maintain a software 
product, development time, maintenance cost, etc. The main weaknesses of the 
traditional software complexity metrics are: 

- language dependency 

- form dependency 

- the output of a traditional complexity metric is a number, usually without any 

“physical” meaning and unit. 

The majority of experts agree that complexity is one of the most relevant 
characteristics of computer programs. For example Brooks states that computer 
software is the most complex entity among human made artifacts [Broo87]. But what 
is complexity and how can we measure it? There are two possible, not completely 
distinct, viewpoints: 

the classical computational complexity [Coh86, Weg95] and 
recent “science of complexity” [Pin88, Mor95]. 
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The first viewpoint is well know and researched. Thereafter it is much more 
interesting to concentrate on the second view and the aim of this section is to present 
some ideas and results concerning it. 



1.1 Complexity 

According to Morowitz [Mor95] the complex systems share certain features like 
having a large number of elements, possessing high dimensionality and representing 
an extended space of possibilities. Such systems are hierarchies consisting of different 
levels each having its own principles, laws and structures. The most powerful 
approach for studying such systems was reductionism, the attempt to understand each 
level in terms of the next lower level. The big weakness of the reductionistic approach 
is that it is unable to explain how properties at one level emerge from the next lower 
level and how to understand the emergence at all. The problem is not the poverty of 
prediction, but its richness. The operations applied to the entities of one level generate 
so enormous many possibilities at the next level that it is very difficult to make any 
conclusions. This demands radical pruning and the main task of complexity as a 
discipline is to find out the common features of pruning (or more generally selection) 
algorithms across hierarchical levels and diverse subject matters. 



1.2 Quantitative Properties of Complexity 

Many different quantities have been proposed as measures of complexity. Gell-Mann 
[Gell95] suggests they have to be many different measures to capture all our intuitive 
ideas about what is meant by complexity. Some of the quantities are computational 
complexity, information content, algorithmic information content, the length of a 
concise description of a set of the entity’s regularities [Gell95], logical depth [Gell95], 
etc., (in contemplating various phenomena we frequently have to distinguish between 
effective complexity and logical depth - for example some very complex behavior 
patterns can be generated from very simple formulas like Mandelbrot’s fractal set, 
energy levels of atomic nuclei, the unified quantum theory, etc.- that means that they 
have little effective complexity and great logical depth). A more concrete measure of 
complexity, based on the generalization of the entropy, is correlation [Schen93], 
which can be relatively easy to calculate for a special kind of systems, namely the 
systems which can be represented as strings of symbols. 



1.3 Complexity and Computer Programs 

Computer programs, including popular information systems, usually consist of (or at 
least they should) number of entities like subroutines, modules, functions, etc., on 
different hierarchical levels. Concerning “laws of software engineering” or the 
concepts of programming languages [Watt90] the emergent characteristics of above 
entities must be very different from the emergent characteristics of the program as the 
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whole. Indeed, programming techniques as stepwise refinement, top-down design, 
bottom up design or more modem object oriented programming are only meaningful if 
different hierarchical levels of a program have distinguishable characteristics. 

Computer programs are conventionaly analyzed using the computational 
complexity or measured using complexity metrics [Cont86, Fent91, Schne94]. 
Another way to asses complexity is, for example, to use Fractal Metrics [Kok94]. But 
as we can see from above we can regard computer programs from the viewpoint of 
“complexity as a discipline” and according to that apply various possible complexity 
measures. The fact that a computer program is a string of symbols, introduces an 
elegant method to asses the complexity - namely to calculate long range correlations 
between symbols, an approach which has been successfully used in the DNA decoding 
[Buld94] and on human writings [Schen93]. 



1.4 Long Range Power Law Correlations 

Long range power law correlations (LRC) have been discovered in a wide variety of 
systems. Recognizing a LRC is very important for understanding the system’s 
behavior, since we can quantify it with a critical exponent. Quantification of this kind 
of scaling behavior for apparently unrelated systems allows us to recognize 
similarities between different systems, leading to underlying unifications. For 
example, the recent research has shown that DNA sequences and human writings can 
be analysed using very similar techniques, and we are interested if alike approach can 
be applied to computer software, too. 

In order to analyze the long range correlations in a string of symbols we must first 
map the string into a random walk model [Buld94]. The advantage of this method over 
more traditional power spectrum or direct correlation of string’s correlation is that it 
yields high quality scaling data [Schen93]. 



1.5 Fractal Software Complexity Measure: a metric 

Alpha metric [Kok98b, Kok99] is based on the long range correlation calculation. In 
this paper we will use the so-called CHAR method described by Kokol [Kok98b]. A 
character is taken to be the basic symbol of a computer program. Each character is 
then transformed into a six bit long binary representation according to a fixed code 
table (i.e. we have 64 different codes for the six bit representation - in our case we 
assigned 56 codes for the letters and the remaining codes for special symbols like 
period, comma, mathematical operators, etc) is used. The obtained binary string is 
then transformed into a two dimensional Brownian walk model (Brownian walk in the 
text which follows) using each bit as a one move - the 0 as a step down and the 1 as a 
step up. 

An important statistical quantity characterising any walk is the root of mean square 
fluctuation F about the average of the displacement. In a two-dimensional Brownian 
walk model the F is defined as: 
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where 

^yQJo) = yik + i)-yik) 

I is the distance between two points of the walk on the X axis 

l„ is the initial position (beginning point) on the X axis where the calculation of 

F(l) for one pass starts 

y is the position of the walk - the distance between the initial position and the 
current position on Y axis 

and the bars indicate the average over all positions 

The F(l) can distinguish between two possible types of behaviour: 

if the string sequence is uncorrelated (normal random walk) or there are local 
correlations extending up to a characteristic range i.e. Markov chains or symbolic 
sequences generated by regular grammars, then 

F{1) - 

if there is no characteristic length and the correlations are “infinite” then the 
scaling property of F(l) is described by a power law 

F{1) - /“and a 0.5. 

The power law is most easily recognised if we plot F(l) and / on a double 
logarithmic scale. If a power law describes the scaling property then the resulting 
curve is linear and the slope of the curve represents a. In the case that there are long 
range correlations in the program analysed, a should not be equal to 0.5. 



2 Software Complexity Analyzer 

To confirm our theoretical findings about new fractal metrics, to compare them with 
the conventional software metrics and of course to be able to analyze large quantities 
of commercial programs we developed a program tool called Software Complexity 
Analyzer (Figure 1). We wanted to derive an environment that would include all of the 
most often used conventional complexity metrics together with our new, more general 
fractal metric. 

Our interest is primarily focused into analyzing source code of computer programs. 
Since we want the tool to be as programming language independent as possible, it has 
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to provide a transparent way to handle different programming languages. In this 
manner every programming language is described with a set of attributes needed for 
analysis. Once the set of needed attributes is described, all kinds of analyses can be 
performed upon source code of a specific programming language. We have already 
described some general purpose programming languages (Java, C, C++, Pascal, 
Fortran), others can be added through an intuitive user interface. For the analyzing 
purposes we also added the possibility of generating syntactically and semantically 
correct random programs (GRP). 

Sometimes it is useful not only to analyze the source code but also to analyze some 
other program representation, for example object code or a compiled program. 
Therefore it is possible to analyze binary data and in this way compare the growth of 
complexity through the whole life cycle of a computer program. 




Fig 1. Working environment of Software Complexity Analyzer. 



In order to analyze data with a-metric they have to be transformed into Brownian 
motion, a sequence of 0 and 1. For binary data representation we just have to select 
which bits will be considered. For source code of computer programs, we have more 
options: char method requires coding table, where each character is described with a 
binary sequence, categories method requires each language category to have its own 
binary sequence, and operator-operand method requires such a sequence for 
operators/operands. From a Brownian motion model a regression curve can be 
calculated, from which we can obtain a coefficient. Regression curve, Fourier 
transform, a local slopes and similar interesting data can also be presented in visual 
form as graphs. 

To avoid repeating the same procedures over and over again, and to avoid 
analyzing once already analyzed programs, simple database has been added that can 
store all interesting data about a computer program, like general information, obtained 
results from analysis, etc. and also programs, that are being analyzed. Such database 
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shows its real value especially when performing some larger analyzing experiments. 
Beside the calculations and analysis that are provided by Software Complexity 
Analyzer, we would also like to perform some less used statistical analysis or include 
obtained results in reports. Therefore we can export data to some general purpose (like 
MS Excel) or more specialized programs (like SPSS, Statistic or Chaos Analyzer). 



3 Application of the Tool and Conclusion 

Among others applications the tool as been used to analyze the NIAM formal 
specification conceptual schemes and sub - schemes. All sub - schemes have been 
ranked according to their assessed a - metric values. The sub - scheme’s ranks for 
each conceptual scheme have been then averaged. According to these average ranks 
the conceptual schemes have been ordered. Opposite to our expectation the intuitive 
order and the calculated order didn’t match. Indeed the statistical analysis using 
Spearman correlation showed statistically insignificant (Spearman R = -0.28) 
reciprocal relation between a - metric complexity and intuitive complexity. Contrary, 
the internal ranking of sub - schemes within each conceptual scheme was in match 
with intuitive order both individually and in average. In fact the majority of internal 
and intuitive orders within conceptual schemes where statistically significantly 
correlated (on the p = 0.05 level). This last observation revealed the hypothesis that 
there is something wrong with the intuitive order of conceptual schemes. A closer 
examination exposed the following three assumptions about the complexity of sub - 
schemas: 

1 . conceptual schemes with equality relation have the highest ranks and are thereafter 
the most complex; 

2. conceptual schemes with exactly one totality relation have the lowest ranks and are 
as a consequence less complex, in fact it seems that exactly one totality relation per 
scheme reduces the complexity. 

3. Total functions (relation in the middle) have highest middle ranks and thereafter 
“high - middle” complexities. 

4. All other relations contribute by approximately one quarter of the equality relation. 

According to above we constructed a simple ranking function /j, and used it 
produce order generated (Table 2). We can see that the ranks generated by the 
a - metric and the ranks generated by the ranking function f are in close match. 
Indeed, the Spearman’s correlation coefficient is 0.88, meaning that the correlation 
between these two orders is statistically significant (p = 0.000) which proves the 
assumptions 1 to 4 introduced before. 

The results obtained by using the tool can help us a lot by gaining insight into the 
complexity of the formal specification. As a consequence we can use them as a 
guideline for designing less complex specifications which are then first easier to 
understand by end users (making them more valid) and second easier to implement. 
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Table 1. Ranking of NIAM’s schemes according to ranking function. 



SCHEMA 


Rank defined by 
a - metric 


Rank defined by ranking 
function 


1 


6 


20 


2 


10 


13 


3 


10 


10 


4 


20 


16 


5 


10 


6 


6 


20 


19 


7 


16 


17 


8 


23 


22 


9 


20 


21 


10 


16 


18 


11 


14 


15 


12 


2 


1 


13 


9 


12 


14 


10 


8 


15 


16 


14 


16 


26 


26 


17 


19 


23 


18 


6 


7 


19 


5 


9 


20 


25 


24 


21 


1 


4 


22 


23 


25 


23 


14 


11 


24 


2 


3 


25 


4 


5 


26 


6 


2 
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Abstract. Presynaptic Inhibition (PI) basically consists of the strong 
suppression of a neuron’s response before the stimulus reaches the synaptic 
terminals mediated by a second, inhibitory, neuron. It has a long lasting effect, 
greatly potentiated by the action of anaesthetics, that has been observed in 
motorneurons and in several other places of nervous systems, mainly in sensory 
processing. In this paper we will focus on several different ways of modelling 
the effect of Presynaptic Inhibition(PI) in the visual pathway as well as the 
different artificial counterparts derived from such modelling, mainly in two 
directions: the possibility of computing invariant representations against general 
changes in illumination of the input image impinging the retina (which is 
equivalent to a low-level non linear information processing filter) and the role 
of PI as selector of sets of stimulae that have to be derived to higher brain areas, 
which, in turn, is equivalent to a “higher-level filter” of information, in the 
sense of “filtering” the possible semantic content of the information that is 
allowed to reach later stages of processing. 



1 Lettvin’s Divisional Inhibition. Invariant Computation Using 
PI-Like Mechanisms 



One of the first known formalisms intended to describe the effect of presynaptic 
inhibition is due to Lettvin [1], who named it Linear Divisional Inhibition. Lettvin 
suggested that inhibition may cause a change in membrane permeability at the point 
of inhibition equivalent to a change in electrical conductivity. Such a change will act 
as an electric shunt, and it follows that if E is the excitation on a fibre that receives 
divisional inhibition I, the resultant activity, A, is: 



A = 




( 1 ) 



where I„ is a constant. For I»I„, A=I„E/I. 
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This mechanism was used by Moreno-Diaz [2] as part of the operations carried out 
by a frog retinal group two ganglion cell model to account for the temporal behaviour 
of the cells , where two kinds of presynaptic inhibition were assumed: linear 
divisional and nonlinear. 

In its simplest form, the same mechanism can be used to build a neuron-like 
network to compute invariances against global changes in its input. This would be a 
desirable goal of the usual pre-processing of an image, the resulting image being sent 
to a higher level stage to be analyzed. Some preprocessing characteristics have been 
described to be present in retinal computation, but no known mechanism, besides 
adaptation, have been described to obtain a representation which is invariant against 
global illumination changes. In the model that follows, parallelism is a need for the 
system to work properly. We will assume that processors (ganglion cells) are arranged 
in layers, that some kind of computation is done by every cell on their receptive fields 
and that the output of the layer is a transformation of the original data. There will also 
be a plexiform layer where the inhibition between cells take place [3] (Fig. 1). 




Fig. 1. A parallel processing layer of units performing a model of PI activity 

Let then I(x’,y’,t) be a representation of the original input image impinging on the 
fotorreceptor layer and T the output of our system as measured in the axons of the 
ganglion cells. The effect of the presynaptic inhibition will be defined in two parts: let 
be Tj(I(x’,y’,t)) and T 2 (I(x’,y’,t)) two linear transformations whose kernels are 
respectively Wj(x,y,x’,y’,t) and W 2 (x,y,x’,y’,t) such that: 
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jlVj(x,y,x’,y’,t)c/x’dy’=0 , (2) 

where c is the domain of each receptive field. This accounts for the fact that the 
known receptive fields structures in retinal ganglion cells have mutually cancelling 
regions, e.g., inhibitory and excitatory regions that cancel each other (center-surround 
or bar-type regions). This is a basic requisite in the description that follows. 

The effect of the transformations Tj and T^ on the input image is expressed as 
usual: 

T,{I{x\y\t)) = \l{x\y\t)W,{x,y,x\y\t)dxW . (3) 

C 

and the presynaptic inhibition effect would then be expressed as the ratio: T=T/T 2 . 

In these conditions is easy to prove that a change of I(x,y,t) like: 
I(x,y,t)=KI(x,y,t)-tR(t), where k is a constant and R(t) a function of time representing 
a global change on light intensity over the retina, would not affect the calculation of 
T. Thus, when Tj»Tj 



_ f kI{X\ tWi (X, X',t)dx’dy’+ f R(tWi (X, X',t)dx’dy’ 
^,_ T,{r{X\t)) _ i 

T2 (r(X’,t)) j kI(X\t)W2 (X, x',t)dx^dy+^ ^( 0^2 ^ t)dx’dy^ 



Ic j I{X’,t)Wi (X,x\ t)dx’dy’+R(t)j (X,X\ t)dx’dy’ 

c c 

* j I(X ’, t)W 2 (X, X ’, t)dx’dy\R(t)j IV 2 (X, X’,t)dx^dy’ 

c c 




(4) 



where 



X"={x\y") and X = (x,y) , (5) 

A plausible place in the nervous system to locate this kind of invariant computation 
is the LGN. The output of information from retina through the optic nerve follows 
three channels towards higher brain areas, being the geniculo-cortical pathway the 
one receiving more fibres. In the LGN a topographical representation of the whole 
retina can be found. The cells in the LGN are arranged in six perfectly defined layers 
and attending to the size of the cells these layers could be divided into two groups: the 
magnocellular layer and the parvocellular layer [4]. The magnocellular layer is 
formed by big cells working on the illumination characteristics of the input image and 
the parvocellular layer includes smaller neurons involved in color coding. 

Our mechanism can be assumed to work in the magnocellular layer. The 
transformations Tj and T^ are computed by the ganglion cells and the result reaches 
the LGN via the optic nerve. The cells at the magnocellular layer of the LGN would 
be the units that compute the invariant representation T using presynaptic inhibition 
(see Fig. 1). The simplicity of the figure mimics the simplicity found in the 




500 



R. Moreno-Diaz jr., J.C. Quevedo-Losada, and A. Quesada-Arencibia 



physiology of LGN where each cell receives only a few input lines from retina 
including inhibitory effects. Thus, one of the possible outputs of the LGN would be 
an invariant representation of the light pattern already coded by ganglion cells. 



2 Model Refining, Non Linear Divisional Inhibition 

Despite the above model is quite useful when specific illumination conditions are 
present, there are certain formal objections that make it unsatisfactory, both from a 
formal as well as an applied point of view. First, we can start taking into account the 
idealized performance of PI (Fig. 2) [5]. 



% Reduction of 
Action Potencial 




Fig. 2. Idealized performance of PI 



As we can observe in the graphic, when is smaller than a certain threshold (t„) 
the Presynaptic Inhibition mechanism does not reduce the action potential at all. From 
the threshold t„ to tj PI presents a linear performance, and for values of grater than 
this threshold PI reduces the action potential to zero. Thus the idealized performance 
of T can be expressed as follow: 



T = f(T„T^) = 



^1 '/ ^2 - ^0 

r{T„T^) if t,<T2< h 
0 if T^> t, 



( 6 ) 



Using the original analysis of Lettvin, already mentioned at the beginning of this 
paper, we obtain the following expression: 



T = 




(7) 
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to model Presynaptic Inhibition, where is a constant. This comes from considering 
the action of PI as an electric shunt. 

It has been used a linear function in the denominator. However, the function that 
better fits the ideal performance has a shape shown in Fig. 3: 




1 



m)= 



al2 +b 



OO 



if T 2 < h 
if ta<T2<h . 
if T2>h 



( 8 ) 



Now we show a comparative graphic where we can observe the functions 
mentioned above and the idealized function in Fig. 4, and at the same time we present 
another non-linear function that fits better into the idealized function (we use an 
exponential function): 



New exponential 




Fig. 4. Comparative graphic of the different models of PI 
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The new model is an exponential function as follows: 

f(T2) =—*e^+^- (9) 

a 

T = ^ . (10) 

* p b + \ 

a 

where a and b are constants that should be obtained depending on t„ and tj and trying 
to make the best fit with the idealized function. This model is similar to 
Schypperheyn’s model, who named it Non-Linear Divisional Inhibition [6]. 

To illustrate this point, we developed an example where invariances against global 
uniform illumination changes can be observed (Fig. 5). In Fig. 5a we have the original 
image, which is a 132x102 pixel black and white image with 256 grey levels. In Fig. 
5b we present the result of performing the operation indicated in expression (10), 
where we used Newton Filters [7], both to calculate Tj as well as T^. In Fig. 5c we can 
observe the original image (I(x’,y’,t)) transformed as follows: 

I{x\y\t) + R(t) = I{x\y\t) + 200, that is, R{t) = 200 . ( 11 ) 

Finally, in Fig. 5d we show the result of performing the same operation as in the 
previous case, and we can verify that this image is equal to the image of Fig. 5b, 
confirming the theoretic results explained in the first point of the paper. Besides, the 
improvements to which this new exponential model contributes can be seen 
graphically on Fig. 4, since it fits better into the idealized function. We can see this in 
the implementation of the examples where if we do not use this model we would have 
problems in the limits, that is to say when Tj<=t„ and T^>=tj. In this case the other 
models differ strongly. The implementation of this examples has been carried out by 
means of a program developed in the programming language Borland Delphi 
Professional 3.0 for Windows 95. 



3 A Possible Mechanism to Control Visual Attention and 
Information Flow via Pi 

The Theory of Vision’s goal is, basically, to build a theoretical and practical 
framework to explain the visual function in live beings and its possible artificial 
counterparts. The sense of vision is, in most of species, the one that processes the 
biggest amount of information coming from the outside, being the most important in 
guiding its behaviour. The ability to discriminate certain parameters and locate what 
part of all that information is significant is crucial for both natural and artificial 
complex systems [8]. 

In a previous paper [9] a theoretical construct called Directed Foveal Transform, 
TFD, was presented as the first step in modelling the attentional mechanisms ruling 
the visual processes of vertebrates. The kernel of the TFD is a variation of the moving 
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average that presents the highest acuity on a particular area in the retina (called 
fovea). Originally this area of better resolution expanded from the center of the image. 
In the TFD, the dominia on which the best resolution is placed can be located around 
any point in the image and at the same time any foveal size can be especified. It is 
also possible to define, on the parafoveal zone, transformations where the 
completeness is not a crucial factor. Thus, we see the goal of defining this 
transformations in different image areas as performing an “interest attractor”. On the 
parafoveal zones information is extracted but there is a loss of resolution, but once the 
event or characteristic is discriminated, the fovea can be placed over it in order to 
perform a more detailed operation. There is a basic idea underlying it: the economy of 
computations: no known visual system has large fovei (at least they do not cover 
more than 10% of the total system), otherwise the total information to process and 
transmit would be too high to cope with, needing then more complex and bigger 
nervous tracts and much more connections in intermediate stages of the visual 
pathway. Thus, the goal could be to achieve certain “economical balance” between 
structural complexity and detailed information to be transmitted. 




Fig. 5. A X-ray image of the shoulder. An example of invariance computation; From left to 
right and from top to bottom we have figures 5a, 5b, 5c and 5d: original image, processed 
image, displaced illumination image and processed image after displacement 

A step forward in the simulation of information flowing and attention mechanisms 
in the visual pathway would be to combine the above mentioned concept with the 
action of the presynaptic inhibition. The goal is then to highlight some feature or 
object in the image, blurring (or loosing resolution) the rest of it since we assume that 
it does not contain anything relevant. In the original TFD formulation, a three-step 
procedure was designed to locate a visual event on the input image and concentrate 
the highest amount of computation on it: 

1. First, it is necessary to locate the center of luminance of the region/object. The 
coordinates of the center of luminance will act as the coordinates for the center of 
the fovea. 
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2. Second, the outermost point of the object is located and the distance from the 
center of the fovea is calculated. 

3. We use this data in order to calculate the size of the fovea to be used. 

In order to include PI, a feedback line from the cortex is necessary to allow the 
information flow within the topographical representation of the retina that is present 
in the lateral geniculate nucleus [10]. In Fig. 6 we can see the proposed architecture. 
Thus, the mechanism will perform as follows: 

1. A first retinal description in terms of contrast, edges, color and movement 
parameters, present in the axons of retinal ganglion cells, reaches the LGN. These 
parameter calculations are already studied in previous reports [10,1 1,12]. 

2. This information is transformed in a second, higher-semantic content 
representation in terms of location of center of gravity of moving objects, high 
luminance or color- components areas and sent to the first layers of visual cortex. 

3. The decision of selecting the geographic position of the object of interest is made 
in the cortex, that sends a feed back signal to the LGN, and via PI controls what 
information is effectively reaching the LGN. 

This mechanism could be proposed as a “first-order” attention focusing 
mechanism. Note that it has nothing to do with “willingness” or purpose of behaviour, 
it is closer to an automatic response depending on outside stimulae. 



Optic 
1 Nerve 



Cortex 




Contrast -I- edge + 
color detection 



Analysis and 
Discrimination, 
Computation of location 
and sum of stimuly. 

Presynaptic 
Inhibition Site 



selection of 
geografic 
position of 
object/event 
of interest. 



Feedback from 
cortex to 
control 
information 
flow from retina 
to LGN 



Fig. 6. Representation of the feedback lines coming from the cortex into the LGN including the 
PI mechanism 
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4 Conclusions 

Although more information on the real connectivity of PI in LGN is needed, two 
immediate operations can be thought of being performed by that kind of mechanism: 
invariant computation and control of information flow. Mechanisms for obtaining 
invariant representations of features in the first steps of information processing are 
important in Nervous Systems since they provide the basis of reliable pattern and 
movement discrimination. In order to do this, it is plausible to expect that the visual 
cortex works, at least to some extent in the first steps, with a low-level invariant 
version of the input image. On the other hand, there is a need of controlling the total 
amount of information reaching effectively the brain, and this can be achieved, 
according to the connectivity of the first stages of the visual pathway, by means of 
two structures: first the existence of a foveal area in retina in which the resolution is 
maximal, and second, a control of the information flow in the LGN. In both, 
invariance computing and information control, the mechanism of presynaptic 
inhibition may play a crucial role. 

Regarding the artificial counterpart and applicability of the ideas presented before, 
the mechanism of PI, implemented in a parallel fashion, is suitable of being used in 
artificial perceptual systems, mainly in image processing, to obtain image 
representations invariant against general changes in illumination. 
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Abstract.This paper shows the interaction among the algebraic-analytical data 
fields theory, the complete descriptions that may be truncated for practical 
visual tasks and the different level of processing in the early visual pathway, 
in order to establish a measure of the representation of similarity between 
images. Our work is based on the approach of modeling the representational 
capabilities of systems of receptive fields found in early mammalian vision. It 
is well known that a representation scheme with a metric in the space of 
representation induce, in a natural way, a similarity measure between images. 
We propose in this paper to compare different representation schemes, based 
in previous theorems about completnes on data fields, according to the 
induced similarity measure. 



1 Introduction 

At all levels of the visual system, complex objects seems to be codified by the 
activities of population, networks or cells, and the representation of a particular 
object can be widely distributed through one or more visual areas. Many of the low- 
level areas of the mammalian visual system are retinotopically organized, that is to 
say, with an organization or projection that preserve, in certain degree, the 
topography of the retina. A unit that it is part of this retinotopics map, normally 
respond in a selective manner to an stimuli localized in a place of the visual field 
called the Receptive Field. 

The receptive field of a neuron anywhere in the visual pathway is defined as that 
portion of the visual field whose estimulation affects the response of the neuron. 
Computational models of perception usually assume that the neuron performs a 
spatial integration over its receptive field, and that its output activity is a (possibly 
nonlinear) function of 

ff K(x,y)I(x,y)dxdy (1) 

J JRF 

where I(x, y) is the input, and K(x, y) is a weighting kernel that describes the 
relative contribution of different locations within the receptive field to the output. 
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Also, it is well known that nervous systems exhibit a remarkable convergence and 
divergence of signal traffic [1]. In this sense information can be processed and 
conserved in detail through overlapping receptive field, being the variation of the 
degree of overlapping closely related to the degree of divergence in the system. 
This suggest a need for preserving information while it is passed from one level to 
another. 

The retina of the vertebrates can be considered as a system that processes by 
layers the visual information that comes in from the outer world; the information 
progresses longitudinally as well as transversally involving all of retinal neurons 
from photoreceptors to the ganglion cells. As a first stage in that progresses, the 
retinal image is sampling by a dense mosaic of fotoreceptors cells which through a 
transduction mechanism, provide the electrical signal which is later and gradually 
processed at the different stages of the visual pathway. 

Cell recordings in the retina of cats and monkeys have uncovered two classes of 
retinal ganglion cells whose axons form the optic nerve fibers along which visual 
information is carried to the lateral geniculate nucleus before reaching visual cortex. 
These two types, termed X and Y cells both have receptive fields with an 
antagonistic centre-surround organization, whose shape may be modeled as the 
difference of two gaussians (DOG). 

The axons of the ganglions cells form the optic nerve, which send the outputs to 
the lateral geniculate body, which constitute the first visual signal stop previous to 
reach visual cortex. It is well known that centre-surround circularly symmetric 
receptive fields, can simulate the representation at lateral geniculate body level. 

There are neurophisyological evidence that most of the neurons of visual cortex 
shows a diferenciated behaviour characterized by the responses to a particular 
stimulus, like edges, borders or lines and that this behaviour depends in a great way 
of orientation. So different orientations has to be considered to model the orientation 
selectivity. The x/y asymmetry was inspired by the shape of the receptive fields of 
the simple cells in the primary visual cortex of mammals, and made the units 
orientation selective. 



2 Complete Description of a Data Field 

As well as neurophysiologists worry about what natural neuron receptive fields are 
and what they are doing, persons working in Artificial Vision worry about complete 
descriptions and representations of images in order to approach nature. A 
description is said to be complete, at a given level of processing, if it contains all 
necessary data and data properties to achieve some goal. From an analytical point of 
view, a complete description needs the preservation of the number of degrees of 
freedom or the number of independent properties of the visual field. 

From a more generic and abstract point of view, we have consider a Data Field 
as the data available to feed receptive fields. To sample or to carry out a Data Field 
partition means to compute over sensorial data in parallel with some overlapping 
degree. In this way, a unidimensional data field of length N and resolution R is an 
ordered set of N places, such that a number, complex or real, with resolution R can 
be assigned to each place. 
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From a data field D, addressable by index i, a Complete Transformation is a rule 
to construct a second field D’ addressable by index j, from which field D can be 
recovered. 



D(N,R)<^D’(N’,R’) (2) 

A more realistic approximation take us to introduce the concept of "extended 
degrees of freedom" of a data field transformation which involves not only the 
number of places N , but the resolution of them R. Completness requires as 
necessary condition that: N • R = N -R’. Therefore, a possible temptation could be 
to assign to the places i, a greater resolution capacity such that if R>R then N’<N. 
This only would be possible through an additional structure of assignation of 
meanings, which suppose a jump of level. And viceversa, if in a natural or artificial 
process we find a situation such that R>R and consequently N>N’, it must exist an 
additional structure in order to establish the necessary coding at a superior level. 

This considerations have an interesting conceptual incidence in current research 
of "retinal coding", on what is known as "multiple meanings" in retinal processing 
for the vertebrate retinae. Thus it seems that retinal cells compress the original 
numbers of places in the retina at the expense of an increase of the resolution in 
tectum (frog) or cortex (cat), through a mechanism of coding-decoding of higher 
level present in said tectum or cortex; so that the extended number of degrees of 
freedom is mantained. 

The Receptive Fields System probably form the more relevant computational 
mechanism employed in the biological information process, and particularly in 
vision. The fact that different areas of a receptive field can contribute in a different 
way to the activity of the unit, in accordance with the profile or weight function of 
the Receptive Field, take us to consider two completely different aspects included in 
it which are: the function and the structure [2]. This is related with concepts 
concerning completnees of a visual transformation with respect to the receptive 
field, where the data is selected and to the function performed by the transform. This 
treatment emphasizes the separation of receptive field and function in visual 
processing and in general in parallel computation. 

These approach gave rise to a theory, with their respective theorems, lemmas and 
demonstrations, about Algebraic-Analytic Transforms in Data Fields [3]. The main 
objective of this theory was the design of Complete Transforms, both from the 
structural (data field partition carried out) and the functional (set of functions 
applied) point of view. One interesting analytic result was that the partition carried 
out over the data field, per se, could generate a complete description, with the same 
properties usually required to justify the functionals, that is to say, completeness, 
capacity to decrease the degree of freedom and security with respect to escotomas. 

In this context we have introduced the concept of Progressive Resolution 
Transform, in which it was realized that no matter what function it is performed, a 
vast class of partition could be complete. That is, given an image (a data field in 
fact, because the image fills a data field in memory), then one can, and it is 
convenient, to separate receptive fields from functions, so that a data field partition, 
by itself, can be complete. The following theorem folds: 

For a data field of N degrees of freedom (pixels), given a dimension d<N for 
receptive fields of computing units, there exists a complete PRT, which is formed by 
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all independent receptive fields of dimension d plus d-1 receptive fields which must 
be unitary. 

Next figure is an illustration of a PRT foveal transform. 



< N > 




♦ 




subretina 
or fovea 



♦ 




D=N-d+l 

elements 



Projection of the (N-d+l)/2 ± 1 
first elements of {D} 



Fovea Projection of the (N-d+l)/2 ± 1 
proyection last elements of {D} 



Fig. 1. Illustration of a PRT fovel transform 



The next logical problem was one of trade off, which is probably what happens in 
the retina, since the resolution of fibers is not necessarily preserved, and there is a 
multiple meaning coding, which in our terminology mean that each fiber of the optic 
nerve send information pertaining to more than one operation on the receptive field. 
There is a second theorem for that and it goes as follows: 

For a data field of N degrees of freedom, and an arbitrary partition giving L 
independent receptive fields such that M=N/L is an integer, then, the computation 
of M functional coefficients linearly independent in each partition provides for a 
complete description of the data field. 

In a more general way, we can conclude that in Artificial Vision and probably in 
natural vision too, it exists a basic trade off between functional and data field 
partitions to maintain the degree of freedom imposed by the objectives of the 
problem. 
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Nature does not follow theorems exactly, but they provide us with a clear way to 
approach nature. On any case, the parallel computing structures which result, are 
both illuminating to understand natural systems and to build artificial ones. 



3 Representation Spaces 

In Artificial Vision and in Image Processing also, it is frequently required to deal 
with descriptors proceeding from transformed spaces. The typical way to face the 
problem consists of spreading the spatial image in terms of a new set of coefficients. 
The justification of this expansion in visual recognition and image processing is 
based on a conjecture [4], which has not been yet reduce to formal theorems and 
therefore has no theoretical sustent. 

As we have indicated previously on the objective of the representation of data 
fields consists of obtaining alternative descriptions of the fields in order to generate 
a new pattern, according to certain selection rules. The methods are in essence those 
of a selection of coefficients in a complete representation. 

There are several methods for extracting features (principal components analysis, 
projection pursuit...). In this work we chose to explore a considerably simpler 
method of feature extraction, based on the notion of localized receptive field, 
borrowed from neurobiology of vision. So, we can consider the representation of the 
visual appearance of an object by a pattern of receptive field activities, or 
partition/functional, as a method of characteristic extraction. 

It is well known that a representation scheme with a metric in the space of 
representation induce, in a natural way, a similarity measure between images. We 
propose in this paper to compare different representation schemes according to the 
induced similarity measure, based in the above theorems about completnees on data 
fields. 

In the generation of the representation space, we may consider different factors 
like the complexity of the data fields, the extension and overlapping rate of the 
receptive fields, the nature and number of descriptors in each one of them, the 
resolution, etc. In this work we have considered the representational capabilities of 
systems of receptive fields found in early mammalian vision [5], under the 
assumption that the successive stages of processing remap the retinal representation 
space in a manner that make similar stimuli closer to each other, and dissimilar 
stimuli farther apart [6]. Concretely, we treat the visual pathway through three 
stages: 

1. Pixel based receptive fields, simulating the representation at 
photoreceptor level. 

2. Centre-surround circularly symmetric receptive fields, simulating the 
representation at lateral geniculate body level. 

3. Receptive fields based on oriented difference of Gaussians or (DOG), 
simulating the representation at primary visual area level. 



Dimensionality reduction must take place before classification is attempted. An 
intuitive description of the goal of the dimensionality reduction is the extraction of 
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low-dimensional features from the original representation space. Our program 
reduces the dimensionality of the input images by converting them into vectors of 
RF responses. For the purpose of pattern classification it is important to 
concentrate on dimensionality reduction methods that allow discrimination between 
class, rather than faithful representation of the data. 

Using for classification the vector of activities of the receptive fields, chosen 
according to certain criterium, which may be random or not, instead of the original 
image, effectively reduced the dimensionality of the input to a level which may be 
accepted provide a good performance. 

Indeed, the vectors of RF activities proved to be adequate for representing images 
for recognition, although it would be impossible to recover from it the original 
structure of the image. 



4 Computational Applications 

As a data field we have consider as set of images composed by 256*256 images 
faces of four individuals (figure 2). The different images of each face varied in 
viewing position, illumination direction and facial expression. 




Fig. 2. Set of images 

As we have indicated previously, we treat the visual pathway through three stages 
corresponding at the successive levels of processing in the visual pathway. 

The simulation at a fotorreceptor level correspond to a resampling of the input 
image with different degrees of resolution, so we could applied any pure resolution 
transform. To simulate the second stage corresponding to the lateral geniculate body 
level, we consider centre-surround circularly symmetric receptive fields. In this 
case, there are enough neurophisiologycal evidence that the psychophysical 
channels correspond closely to the LOG operators, so we consider as a functional 
kernels 
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Receptive fields based on oriented difference of Gaussians or (DOG), simulating 
the representation at primary visual area level. In this situation we use functionals 
kernels like 



M(x, y) = e 






(4) 



being the horizontal cross section of the directional operator a one-dimensional 
second derivative of a gaussian and its vertical cross a Gaussian. 

In each case we applied an algebraic analytical transform to the set of proposed 
images, by selecting a set of receptive fields and functionals, according to the 
theorem proposed about complete representations. 

As a final result we can observe in figure 3 the similarity measure induced by the 
each one of the above representations: The clustering in the retinal or pixel 
representation space is clearly inferior to the clustering in the LGN and VI. The 
performance of the LGN representation is nearly identical to that of the linear cortex 
model. 




Fig. 3. Similarity measure 



5 Conclusions 

We present a theoretical analysis and computational experiments that compare the 
visual representations through the successive levels of the visual pathway, from the 
retina to the linear cortical units. 

In spite of receptive fields compute local properties, these must be related in 
context to the whole image on the retina, in fact the visual cortex contains a 
topological projection of the retina. For example, in the visual cortex, locally 
computed variables such as edge orientation, spatial frequency and binocular 
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disparity are embedded in a map of the retinal image transmitted via the lateral 
geniculate nucleus. Thus we have serial as well as parallel processing. This suggests 
a need for preserving information while it is passed from one level to another. 

Additional motivation for RF-based representation is provided by recent work on 
the modeling of human performance in a variety of visuals tasks commonly referred 
to as hipemcuity. (In these tasks, the human visual system exhibits spatial resolution 
that is far below photoreceptor spacing, presumably due to the integration of 
information over extended regions of the retina) 
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Abstract. In this article an original formulation of McCulloch's Artificial 
Program II is presented. A general methodology in order to build layered 
distributed granular computing machines is obtained. We apply this Program II 
to the classification stage of a pattern recognition system leading to Lastres 
Approach. 



1 Introduction 

Neural Network Theory formally begins with [1] McCulloch and Pitts' works in 
1943. When considering the interrelations between natural and artificial neural nets 
the subjects may be grouped into two clearly different frames, referred to as 
McCulloch Program-I and McCulloch Program-II. Program-I aim was to find out 
biological counterparts of logic machines. It is over in such a way that the level of 
logic machines ends in automata theory. 

Program-II is much more concrete being a synthesis program which can be 
formulated for natural systems as: “Given a natural information processing system 
formed by sensors, effectors and decission making processes, the aim is to find out a 
neuron-like net, reliable and secure, meeting that function”. 

In this paper we reformulate Program-II for artificial systems and then we focus 
towards a procedure for the granular decomposition of a vision system and the 
classification stage. This constitutes a concretion of Program-II for recognition and 
classification artificial systems which led to Lastres Theorem. 



2 Reformulating Program-II 

Reformulation of Program-II can be done in the following terms: 

a) Identification of a subsystem (perceptual, decission or action) choosing a 
descriptive level and defining its properties. For example, it could be a 
subsystem belonging to an artificial vision system implemented on a Von 
Neumann computer. 

b) Synthesis of a parallel distributed neuron-like net, cooperative secure and 
reliable, duplicating the system with a layered structure of computational units. 
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For a well defined problem (id est, a pattern recognition system), Program-II is 
applied to each of the functional stages, thus obtaining the neuron-like network. 
Computational units can be dessignated as artificial neurons. 

A simplified version of the network structure corresponding to a generalized 
robotic situation is as follows [2,3]: 




Sensors 



The whole system has a set of exclusive modes of behaviour, each mode 
determines the overall task being performed. Selection of a particular mode is carried 
out by means of Command and Control Subsystem based upon the sensorial 
information and the system state. This decision is modulated by the external input (in 
practice, the operator console). 

Information concerning the selected mode M is sent to sensors which must be 
tuned in order to optimize data acquisition relative to action mode. That information 
is also sent to the subsystem named Planning in the Environmental Representation. 

Finally, the selected mode run and control the process of objective setting, 
planification and execution considering sensorial data S processed at a high level. 
Updated environmental representations are sent back through WR lines when mode 
changes. 

Lines between sensors and effectors correspond to reflex actions. Line E provides 
high level instructions to effectors according to action plan which must be decoded on 
specific effector actions. The fundamental function of the command and control 
system is the selection of the mode. All behavioural modes are mutually exclusive; 
the units also receive less processed information from all sensors, generating control 
signals and settings filters for all external inputs. According to McCulloch the 
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command and control computer decides what must be sensed and then what is 
important. This command computer must have a neuron-like structure. 

Each computing unit make a diagnosis of inputs and all of them must reach a 
consensus about the diagnostics which requires a large cooperation. The result of this 
intercommunication is the convergence into one single mode of behaviour, so that the 
system behaves as a whole. 

This cooperative structure allows to: 

a) Accelerate the decission process in order to select the behaviour mode. 

b) Provides a high reliability, that is, to get a reliable neural net. 

The Representation of the Environment requires a multisensorial mapping. There 
are two ways of structuring multisensorial information: 

• Integrated representation, in low level acquisition and in high level sensorial 
processing. 

• Step representation in which integration only occurs at high levels in symbolic 
structures. 

These two ways admit different levels of representation from geometric to 
symbolic; at least for artificial systems. Planification takes place in a scenario of 
representation correponding to a selected mode of behaviour. 

The generation of plans for solving problems involve artificial intelligence 
methods which implies two domains. The first domain is similar to a robot that 
moves avoiding obstacles, and is based on a geometric scenario. The second domain 
can contain symbolic scenarios. 



3 Lastres Approach 

Now the objective is to converge towards an approach for the granular decomposition 
of an artificial perception system or subsystem ( id est, a vision system and 
specifically the classification stage) by means of neurons. This constitutes an 
illustration of McCulloch's Artificial Program-II. 

We begin with some considerations about McCulloch and Rosenblatt neurons. Let 
be a non feedback network of N computational units i and M external input lines j. 
Input) value at instant t is x. (t). We make the following definitions: 



Definition 1 

An elemental neuron (EN) is a computational unit which stores a table of natural 
numbers aij with threshold fii computing: 



Input j to neuron i: Xi(t)= Z Xj(t) 
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C McCulloch = 



Single Output Yj(t+At) = J 



l^osenblat = 



1 ifX|(t) >0, 
0 otherwise 



X,(t) ifX(t)>0 
0 otherwise 



Definition 2 

An autoprogrammable elemental neuron (AEN) is a computational unit with two 
states, Sj and S^, controlled by an additional input line in such a way that: 

State Sp Takes input data Xj during At generating Ujj table. 

State S^: Computes the former EN equation. 

The network is strictly programmable if, during Sj, neurons generate the weights 
and the function to perform. 



Definition 3 

An autoprogrammable neuron (AN) is a computing unit along with two states: 

State 1: Takes input data xj, perform parameter computing, generates the table 
and stores it. 

State 2: Computes a function F giving an output: yj(t+At) = F[aij, xj(t)] 



4 PEN Lastres Theorem 

PEN are unfit for computing their own weights. Yet one or more PEN layer 
constitues an extraordinarily poor classifier unless specialized PEN layers are 
introduced. This situation is well illustrated by demonstrating the theorem as follows. 

We introduce two types of specialized PEN: 

PENl During Si, the neuron is desconnected from the net and in S 2 computes Z 
6i Pi being 5i descriptor i of presented unknown pattern. As can be seen is a 
neuron of weights pi. 

PEN2 During Si takes ay as weight and during S 2 is desconnected from the net 
and computing: 
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Theorem 

The square of the euclidean distance d^ can be computed by a PEN. 
In effect: 

df = 1 = X 8^ + S - 2^ a/, 



The first term is realizable by means of a specialized PENl network; the second 
term is realizable by means of one layer specialized PEN2 network; third term is 
realizable by a one layer conventional PEN network. The sum is realizable by means 
of a PEN neuron with fixed weights +1, +1 and -2 demonstrating the theorem. 

Let us consider the problem of pattern recognition for isolated shapes for which we 
adjunct the following figure: 
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We are interested in the Lastres Approach in order to obtain an autoprogrammable 
neural net relative to the kernel of a pattern recognition system. 
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Lastres Conjecture 

There is a reliable parallel distributed network comprising the kernel of a pattern 
recognition system. 



Lastres Problem 

Should it exist, which is a reliable parallel distributed net of autoprogrammable 
neurons solving Lastres Conjecture? 



Lastres Approach 

There exists an AN layer net solving Lastres Problem for a family of classifiers. The 
net can be build up through an AEN layer having certain distance formulations. 

Focusing Lastres Approach, the central idea is that each autoprogrammable neuron 
(AN) computes a distance or a class similarity. For our case a C units NA network is 
built (one for each class), computing (during state Sj ) a weighted center of gravity 
with each unit connected to all descriptor lines, coming from descriptor computing 
layer. Figure illustrates Lastres Procedure for a pattern recognition system: 



state: 
S , S 
1 2 



Data Field or 
Input Image (N) 




degrees of freedom 



degrees of freedom 



degrees of freedom << N 



d degrees of freedom < D 
c 



Class i sampling forms are presented for which Sj is activated in order to compute 
; this operation is repeated for each i. Then all autoprogrammable neurons AN go 
to state computing a fix distance function d; (a^^ D-) previously selected. 
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Conclusions 

We present an original formulation of McCulloch's Artificial Program II obtaining a 
general methodology in order to build layer distributed granular computing machines 
being fast, secure and reliable. 

In this context we have applied [4] Program-II to the classification stage of a 
pattern recognition system thus obtaining Lastres Approach identifying the 
Conjecture, the Problem and the Procedure and presenting the Euclidean Distance 
Compatibility Theorem for recognition by means of a Programmable Elemental 
Neuron Network. This constitutes the generalization of McCulloch Program-II for 
Artificial Perception Systems. 
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Abstract. Ontologies provide an explicit and shared specification of 
the domain knowledge in some field. With the objective of facilitating 
the integration of case-based reasoning, rule-based reasoning and patient 
databases, we propose a medical ontology, which is inherent to the opht- 
halmology domain, but it can be reused by another medical domains with 
the same representation requirements. In order to achieve this degree of 
reusing, the ontology was designed making a difference between core and 
peripheral concepts, domain-specific and method-specihe concepts and 
task(method)-relevant and task(method)-specific concepts. 



1 Introduction 

Case-Based Reasoning (CBR) is an Artificial Intelligence approach based on the 
idea of recalling previous problems and reusing their solutions in order to eva- 
luate and solve new cases [1,10,11]. In spite of the fact that CBR is becoming an 
important reasoning paradigm, there is a lack of methodologies for building and 
validating case-based systems [13]. Currently, CBR systems are built in an ad- 
hoc manner, and the results obtained are not as good as could be expected. We 
propose to develop case-based systems by applying the current methodologies 
available for building Knowledge-Based Systems (KBS). These methodologies 
are based on the knowledge-level hypothesis introduced by Allen Newell in the 
1980s [12]: the behaviour of an intelligent agent can be described at a level 
that is independent from its symbolic representation. Some of the most repre- 
sentative current approaches for knowledge-level modelling are Components of 
expertise [17], Generic Task [3], Task Structures [4], KADS [19], CommonKADS 
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la Tecnologfa (CICYT), through the research project TIC97-0604, and by the 
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[16,15] and Protege-II [14]. All of these approaches promote the reuse of know- 
ledge elements by providing, in many cases, libraries of knowledge types (mainly, 
problem-solving methods) . Currently, there are many researchers working on the 
reuse of ontologies [5,7,18,8], as they provide an explicit and shared specification 
of the knowledge structure. 

In this paper, we propose a medical ontology with the objective of obtaining 
an explicit specification of the expert knowledge. This specification facilitates the 
integration of case-based reasoning, rule-based reasoning and patient databases, 
by providing a support to validate and to maintain the system. In section 2, 
the building of our ontology for reusing in other clinical domains is commented 
on. In the following sections, the different parts of our ontology are described. 
Lastly, the discussion of this work is presented. 

2 Building Ontologies for Reusing 

Building, integration and validating ontologies is still an open field for resear- 
ching [7,18]. The interaction problem [2] states that the nature of an ontology 
depends on the tasks and methods that use their contents. With the objective of 
making easy the building of our ontology in an independent manner of problem- 
solving methods, we have distinguished between: 

— Core and peripheral ontology [18]: In the core part, the definitions are very 
general, whereas the peripheral part describes application specific concepts. 

— Domain-specific and method-specific concepts [18]: These attributes are in- 
troduced with the objective of promoting the reuse of peripheral parts of 
ontologies. The domain-specificity attribute indicates to what domain a con- 
cept applies, and so, which sub-domains can reuse this concept. 

— Relevant and specific concepts [8] : These attributes provide a way of reusing 
task or method specific concepts, and they are based on the following idea: ’a 
concept may be relevant for a task (or method) but not necessarily specific’. 

During the building of our ontology, we have borne in mind that the kno- 
wledge was going to be used by a case-based system, but, in a near future, it 
could be reused by another knowledge-based systems. So, the minimal of our 
work should be to: 

— keep apart the case representation and the expert knowledge model (in order 
to reuse this model), and 

— represent some expert knowledge that facilitates the retrieval and matching 
phases during the case-based reasoning 

In order to achieve these objectives, the ontological analysis was carried out 
in two stages. First, we acquired the knowledge independently of problem-solving 
method and we obtained a medical ontology with a structure very similar to a 
data model in a database. So, this ontology part was named Medical Data On- 
tology. Second, we extended Medical Data Ontology, taking into account the 
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medical diagnosis task and the case-based method. This analysis gave rise to 
distinguish another three ontology parts: Medical Case Ontology, Medical Dia- 
gnosis Ontology and Medical Context Ontology. We made a difference among 
these four ontology parts in order to promote their reuse. Next sections deal 
these ontology parts in more detail. 

3 Medical Data Ontology 

This ontology part has been developed by reusing some theories in the core li- 
brary described in [6], and later, by extending these theories with more specific 
concepts to our clinical domain. In this way, we have obtained a standard re- 
presentation vocabulary that has been modelled using CML [15]. Fig. 1 shows a 
small part of the Medical Data Ontology. The higher levels in this hierarchical 
structure corresponds to the core ontological part (denoted in Fig. 1 by Medical 
Central Ontology, MCO), as it includes general categories of medical knowledge, 
such as ’Anamnesis’, ’Findings’, ’Clinical state abstractions’, ... 




Fig. 1. A Small Part of Medical Data Ontology 



As the hierarchical structure is traversed, the medical concepts are more 
specific to our clinical domain, giving rise to the peripheral ontological part. 
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that contains concepts related to the ophthalmology domain (denoted by Medical 
Peripheral Ontology, MPO). 

4 Medical Case Ontology 

Medical Case Ontology has been developed with the objective of specifying the 
three components of a case: 

— the description of the problem: includes the greater part of the concepts 
specified in Medical Data Ontology. 

— the description of the solution to the problem: contains concepts about pro- 
posed medical diagnosis, applied treatments and some information about 
the reason for the choice of a treatment, taking into account the proposed 
diagnosis. 

— the outcome as a result of applying the solution: incorporates information 
about the follow-up of a patient, that is, 1) expected results from the applied 
therapy to the patient, 2) obtained observations and 3) performed therapeu- 
tic actions as a response to the differences between the expected results and 
the obtained observations. 

5 Medical Context Ontology 

Mainly, there are two basic ways of structuring a case library [10]: 

— as a flat memory, where each case is represented as a set of attribute/ value 
pairs 

~ as a hierarchical memory, which clusters together similar cases, with the ob- 
jective of making a more efficient retrieval phase. There are basically three 
approaches: shared feature networks, discrimination networks and redundant 
discrimination networks. All of these approaches requires complex procedu- 
res for the addition of new cases in the case library. Moreover, it is difficult 
to 1) keep the network optimal when new cases are added and 2) deal with 
missing information. 

In our approach, the case library is structured in a flat memory and stored in 
database records. Each case consist of a simple feature/value list (the description 
is in Medical Case Ontology), but as there is a structured description of the 
domain knowledge (Medical Context and Diagnosis Ontology), we can view the 
representation of a case as structured. Then, the domain knowledge is organized 
in two ontology parts: 

— Medical Context Ontology: contains knowledge used during case retrieval 

— Medical Diagnosis Ontology: incorporates knowledge about case matching 

Medical Context Ontology explicitly specifies a set of medical context, which 
are used for retrieving only cases highly relevant to the new case. A context can 
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be defined as a set of attributes relevant for a given retrieval [9], that is, in our 
approach, a set of constraints on the patient clinical state. The advantages of 
defining and using clinical contexts can be summarize in: 

— model the expert heuristic knowledge, and 

— focus diagnostic task, reducing the set of relevant cases 

An example of medical context in the ophthalmology domain is the named 
’Ocular Pain’, which can be described by the next constraints on the following 
symptoms: 

'Ocular Pain' = {< redness : yes, no >, < lessening of visual acuteness : 

yes, no >, < ocular pain : light, acute >, < lacrimosity : moderate, no >, 

< secreations : yes, no >} 

In Medical Context Ontology, medical contexts are organized in a network 
similar to a redundant discrimination network, where 

— each internal node (not leaf) is a question about a patient clinical state (that 
is, a question about a finding or a clinical abstraction), 

— each successor node is a different answer to the question on the higher node 

— each leaf contains a medical context, that is, a set of constraints on the set 
of findings and clinical abstractions of new case. 

The advantages of our approach, that is, of using a fiat memory combined 
with a hierarchy of medical contexts, are the following: 

— retrieval phase is more efficient 

— the addition of a new case is easy, just as a pure fiat memory, and 

— the choice of a context is intuitive for the expert, as consists of traversing a 
network 

On the contrary, the disadvantages are the same of a hierarchical approach: 

— it is necessary to maintain updated the network 

— it is not confirmed that the best case will be retrieved 

— it is necessary to define redundant networks in order to confirm the selection 
of a context 

6 Medical Diagnosis Ontology 

Medical Diagnosis Ontology has been developed with the objective of incorpo- 
rating knowledge that facilitates the case matching phase during the case-based 
reasoning. Medical Diagnosis Ontology contains several types of causal relati- 
onships between 1) pathologies and findings, 2) patient history and pathologies, 
3) pathologies and pathologies, and 4) findings and findings. This relationships 
includes attributes such as sensitivity, specificity or prognosis degrees. These re- 
lationships are used by a rule-based component in order to evaluate the amount 
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of evidence of the new case with respect to each diagnostic hypothesis. Medical 
Diagnosis Ontology also contains a set of meta-rules that control the evaluation 
of evidence phase, providing an ophthalmology domain independent mechanism. 
The application of these meta-rules consists of filtering the set of possible dia- 
gnostic hypothesis before the application of case matching phase. Finally, the 
causal relationships in Medical Diagnosis Ontology are used during the case 
matching and ranking phases, as only the findings expected to each pathology 
are taking into account (the findings of the new case not expected are noted as 
’unexplained’). 

7 Conclusions 

In this work, we propose an explicit medical ontology for facilitating the in- 
tegration of case-based reasoning, rule-based reasoning and patient databases. 
We started building our ontology by reusing some theories that define general 
categories of medical domain knowledge, such as described in [6], and later, by 
extending these theories with more specific concepts to our clinical domain. In 
this way, we have obtained the named Medical Data Ontology, which is inherent 
to the ophthalmology clinical domain, but independent of the medical diagnosis 
task and the case-based method. The specification of this ontology part has given 
rise to the design of patient database. In a second phase of ontological analysis, 
we extended our ontology taking into account the case-based medical diagnosis, 
and we built another three ontology parts: 1) Medical Case Ontology, which is 
specific to case-based method (and has given rise to the design of case library), 
2) Medical Diagnosis Ontology, which is specific to medical diagnosis, but only 
relevant to case-based method (this ontology part defines the knowledge rules 
and meta-rules applied during rule reasoning), and 3) Medical Context Onto- 
logy, which is specific to medical diagnosis and can be only relevant to case-based 
method by a small adaptation of its structure (this ontology part describes the 
discrimination network applied during retrieval phase). So, we have obtained a 
medical ontology, which is inherent to the ophthalmology domain, but it can be 
reused by another medical domains with the same representation requirements. 
As some authors have emphasized [5], the development of explicit ontologies can 
be the basis for the generation of knowledge representation languages specific to 
a domain. 
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Abstract. The paper is concerned with static uncertain systems described by 
a function or by a relation. Unknown parameters in the mathematical models are 
considered as so called uncertain variables described by certainty distributions 
given by an expert. Two versions of the uncertain variables based on two versions 
of uncertain logics are defined. In the second part of the paper the formulations of 
the analysis and decision making problems adequate to the description of 
uncertainty are presented and the general procedures of the problem solving are 
described. Simple examples and an algorithm of the decision problem solving for 
a discrete case illustrate the computational aspects of the approach based on the 
uncertain variables and the possibility of the application to computer-aided 
analysis and decision making. 



1 Introduction 

There exist a great variety of definitions and formal models of uncertainties and 
uncertain systems (e.g. [8, 9, 10]). The purpose of this paper is to present definitions 
and basic properties of so called uncertain variables (introduced in a brief form in [2, 
4, 5]) and to show how they may be applied to the analysis and decision making in a 
class of systems with unknown parameters in their mathematical descriptions. The 
unknown parameters will be assumed to be uncertain variables and the systems with 
uncertain parameters will be called uncertain systems. 

The uncertain variables, related to random variables and fuzzy numbers, are described 
by their certainty distributions given by an expert and evaluating his opinion on 
approximate values of the uncertain variable. Two versions of the uncertain variables 
are introduced in Section 3, based on two versions of uncertain logics defined in 
Section 2. The definitions contain not only the formal description but also their 
interpretation, which is of much importance. The uncertain variable in the first 
version may be formally considered as a very special case of the fuzzy number 
(exactly speaking - the possibilistic number) with a specific interpretation of the 
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membership function. Nevertheless for the sake of simplicity and unification it is 
better to introduce it independently and not as a special case of much more 
complicated formalism with different semantics. In Section 4 the applications of the 
uncertain variables to analysis and decision making problems are presented for the 
system described by a function (functional system) and described by a relation 
(relational system). In the second case the static system is described by a relation 
between input and output vectors and the analysis consists in finding the output 
property (i.e. the property concerning the output vector or the set to which the output 
vector belongs) for the given input property. The decision making is an inverse 
problem (see [3]). For the system with uncertain parameters the modified versions of 
these problems adequate to the description of uncertainty are presented. Simple 
examples and an algorithm given in Section 5 show how the methods and procedures 
described in the paper may be applied to computer-aided analysis and decision 
making for the uncertain systems under consideration. 

2 Uncertain Logics 

Our considerations are based on multi-valued logic. To introduce terminology and 
notation employed in our presentation of uncertain logic and uncertain variables, let 
us remind that multi-valued (exactly speaking - infinite-valued) propositional logic 
deals with propositions ( ctj, ctj, •■• ) whose logic values w(a) e [0,1] and 

w(— lOr) = l-w{a) , w{aiva 2 ) = max{w{ai),w{a 2 )} , 
w(ajACtr 2 ) = min{ w(ai), w(cf 2 ) } . 

Multi-valued predicate logic deals with predicates P{x) defined on a set X, i.e. 
properties concerning x, which for the fixed value of x form propositions in multi- 
valued propositional logic, i.e. 

w[/’(x)] = /t^(x) e [0, 1] for each xeX. (2) 

For the fixed x, jUp(x) denotes degree of truth, i.e. the value llp(x) shows to what 
degree P is satisfied. If for each xe X /tp(x) e {0, 1} then P(x) will be called 

here a crisp or a well-defined property, and P{x) which is not well-defined will be 
called a soft property. The crisp property defines a set 

D^={xe X-. w[P(x)l = 1 } = {xeX: P{x)} . (3) 

Consider now a universal set , cos ^2 , a set X which is assumed to be a metric 
space, a function g: —>X , and a crisp property P{x) in the set X. The property P 

and the function g generate the crisp property *P {o),P) in : "For the value 

X = g{(o) = x((o) assigned to (O the property P is satisfied", i.e. 




'P{(0, P) = P[x{(0)]. 
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Let us introduce now the property G(x, x) = "x = x” for x,xe X , which means: 
"x is approximately equal to x". The equivalent formulations are: "x is the 
approximate value of x " or "x belongs to a small neighbourhood of x " or "the 
value of the metric d(x,x) is small". Note that G{x,x) is a reflexive, symmetric 

and transitive relation in XxX . For the fixed ( 0 , G{x{co),x \ = G^(x) is a soft 
property in X The properties P{x) and G^{x) generate the soft property *F {co,P) 
in : "the approximate value of x{co) satisfies P" or "x{o)) approximately 
satisfies P", i.e. 

¥ {CO, P) = G^ (x) A P(x) = [ x{co) = X ] A P{x) (4) 



where x is a free variable. The property *P may be denoted by 

¥{co,P)= "x{co)eD/ 



( 5 ) 



where is defined by (3) and "xeD ^ " means: "the approximate value of x 
belongs to " or "x approximately belongs to ". Denote by h^(x) the logic 
value of G^(x) : 



w[G^(x)] = A^(x), ^(h^{x)>Q), 

xeX 

max/z^(x) = 1 . 



( 6 ) 

( 7 ) 



Definition 1 (nncertain logic): The uncertain logic is defined by a universal set , 
a metric space X, crisp properties (predicates) P{x) , the properties G^(x) and 
the corresponding functions (6) for e . In this logic we consider soft properties 

(4) generated by P and G^ . The logic value of is defined in the following way 



A r.TT 



w[P{co, P)\=v['P{co,P)] = \ 



max/i (x) forD„;^0 



0 



for D =0 



( 8 ) 



and is called a degree of certainty or certainty index. The operations for the certainty 
indexes are defined as follows: 

v[-^¥{o),P)] = \-v[¥{o),P)] , (9) 

v['Fi(®,Pi)v'F2(®,P2)] = max{v['Fi(®,Pi)],v['F2(®,7^2)]} > (10) 

0 if for each x w{Py a Tj ) = 0 

[min{ V [*Fj((y,/j)],v[f 2 ((y,F 2 )]} otherwise 



v[P,{CO,P,)A'P^{CO,P^)] = 



where *Fj is f' or — i , and 'P2 is 'P or — 1 "P . 



( 11 ) 

□ 
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Using the notation ( 5 ) we have 

V [x(<y) g ] = l-v[x(<y)e ] , ( 12 ) 

v[x{a>) G Z)j V x{a>) g D2 ] = max{ v[ v(®)g Z)j], v[ v(<y)G £>2 ]} , (13) 

v[x{0)) G £>1 A x{0)) G D2 ] = min{ v[x{0)) g Z); ], v[ x{0)) g Z>2 ]} ( 14 ) 

for Z)[ n Z>2 ^0 and 0 for Z)[ n Z>2 = 0 - where g Z)[ and g Z>2 may be replaced 
by i Z)[ and i. D 2 , respectively. From (7) and (8) v[x e X ] = I . One can note 
that G^(x) = "x(co) = x" is a special case of for Z)^ = { x } (a singleton) and 



v[x{0)) = x] = h^{x) , v[x{0))^ x] = \-h^{x) . (15) 

From (8) one can immediately deliver the following property: if ^ Z 2 for o^oh x 
(i.e. Z)[ c £> 2 ) then 

v[¥{co,Px)]<v[¥{co,P 2 )] or v[F(®)g Z)i]<v[x(®)g Z >2 ] . (16) 

Theorem 1.- 

v[ ¥{ 0 ), £>1 V £ 2 ) ]= v[ ^{ 0 ), £ 1 ) V ¥{o),P 2 ) ] , (17) 

v[^(®,£i A£2)]<min{v[^(®,£i)],v[n®,£2)]} . (18) 

v[ ¥{co,^P) ] > v[^¥{co,P)] . (19) 

Proof: From (8) and (10) 

v['P {0),P]) V *F (®,£ 2 )] = max{max/t^(x),max/t^(x)} = 

XG D\ XG Z>2 

= max /t^(x) = v[*£((y,£j v£ 2 )] . 



XG £>1 UD2 

Inequality (18) follows immediately from £)j n £>2 c £)j , D^r\D 2 ^ D 2 and(16). 

Let £[=£ and £2 = — 1 £ in (17). Since vr(£v— i£) = l for each x ( £>^ = X in this 
case), 

1 = v[¥{co,P ) V <P(co, -nP)]= max{v['P(co,P)], v[P(co,^P)]j 
and 



v[*F(®,^£)]> l-v[*£(®,£)] = vH*F(®,£)] . 



□ 
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Inequality (19) may be written in the form 

v\x{co) e > v[x(co) £ D^] = l-v[x((u) e D^] (20) 



where = X - D^. 

As was said in Section 1, the definition of uncertain logic should contain two parts: 
a mathematical model (which is described above) and its interpretation (semantics). 
The semantics is here the following: the uncertain logic operates with crisp predicates 
P [ x{o)) ] , but for the given co it is not possible to state whether P{x) is true or 
false because the function x = g{co) and consequently the value x corresponding 
to 0 ) is unknown. The exact information, i.e. the knowledge of g is replaced by 
h^{x) which for the given o) characterizes the different possible approximate 
values of x(co) . If we use the terms: knowledge, information, data etc., it is 
necessary to determine the subject (who knows ?, who gives the information ?). In our 
considerations this subject is called an expert. So the expert does not know exactly 
the value x{co) , but "looking at" o) he obtains some information concerning x, 
which he does not express in an explicit form but uses it to formulate h^{x) . Hence, 
the expert is the source of A^(x) which for particular v evaluates his opinion that 
x = x. That is why A^(x) and consequently v['P {co,P)] are called degrees 
of certainty. E.g. is a set of persons, x{co) denotes the age of O) and the expert 
looking at the person O) gives the function h^{x) whose value for the particular x 
is his degree of certainty that the age of this person is approximately equal to x. 
The predicates *P {co,P) are soft because of the uncertainty of the expert. 

Definition 2 (C-uncertain logic): The first part is the same as in Definition 1. 
The certainty index of 'P and the operations for the certainty indexes are defined as 
follows: 

v^[P{0),P)] = ^ = y[max /z^(x) + l-max/i^(x)] , (21) 

^ ^ xeDy, xeDr 



v^[^P{a),P)] = v^[P{o),^P)] , 


(22) 


V, [¥{o),P0v ¥{0), P 2 )] = V J ^(®, Pi V )] , 


(23) 


V, [¥{0), Pi ) A ^(®, P 2 )] = V, [ r (®, Pi A Pj )] . 


(24) 




□ 
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The operations may be rewritten in the following form 

xiD^ = xeD^ , (25) 

[ x(co) G Z)j V x(co) e D 2 ] = [ x(co) g Dj u D 2 ] , (26) 

[ x(co) G Dj A x(co) G 7 ) 2 ] = v^. [ x(co) G Dj Pi £>2 ] ■ (27) 

From (8) and (21) 

vJx(®)iX] = l, vjT(®)i0] = O. (28) 



Using (21), we obtain the following property: If for each x P\^ P 2 (i-e. Z); c £> 2 ) 
then 

V,[P{0), Pi)] < v,[¥{0), P 2 )] or vj X{0)) i A ] ^ vj X{0)) i A 1 ■ (29) 

Theorem 2: 

y, [¥{0), Pi V P2 )] > max { v, [¥{o), Pj ) ] , v J ¥{o), P2 )] } , (30) 

vJP(®,PiaP 2)1 < min{yjr(®,Pi)], vJ^(®,P2)]} , (31) 

y, A P{0), P)] = 1-y, [ ¥{(0, P)] . (32) 

The proof is analogous to that of Theorem 1. 

Till now it has been assumed that x{co),xe X . The considerations can be extended 
for the case x{co)e X and xe X X At means that the set of approximate values X 
evaluated by an expert may be a subset of the set of the possible values x{co) . 
In a typical case X = {xi,X 2 ,--,x^} (a finite set), x^eX for ;g1,»i. 

3 Uncertain Variables 

The variable x for a fixed co will be called an uncertain variable. Two versions 
of uncertain variables will be defined. The precise definition will contain: h(x) given 
by an expert, the definition of the certainty index w( xe A ) the definitions of 
w{x i D^) , w( T G A V T G A ) > iy( X G A A X G A ) ■ 

Definition 3 (nncertain variable): The uncertain variable x is defined by the set of 
values X, the function h{x) = y ( x s x ) (i.e. the certainty index that x s x , given by 
an expert) and the following definitions: 
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[ max h{x) for 

v(xiDJ=\^^o^ (33) 

1 0 for = 0 , 

v(xi D^) =l-v{xe DJ , (34) 

v(xeZ>i V xe D 2 ) = max{ v( xe D^),v{xe D 2 )} , (35) 



v( X G Z)[ A xe D2) = 



min{ v(x G Dj) ,v( X i" D 2 ) } forZ)jnZ) 2^0 



0 



for D, r\D 2 =0 . 



(36) 



The function h(x) will be called a certainty distribution. □ 

The definition of the uncertain variable is based on the uncertain logic. Then the 
properties (15), (16), (17), (18), (20) are satisfied. The properties (17) and (18) may 
be presented in the following form 



v( XG £)j uZ>2) = max { v( xg D^), v( x g D2)] , 

v( X G D[ n£>2) - min {v(xgZ)j),v(xg£)2)} ■ 



(37) 

(38) 



Definition 4 (C-nncertain variable): C-uncertain variable x is defined by the set of 
values X, the function h{x) = v{x = x) given by an expert, and the following 
definitions: 



V. ( X G D^) =-!- [max h{x) + 1 - max /z(x)] , 


(39) 


2 xeD, 




vjxg DJ = 1-V,(XG DJ , 


(40) 


V^. ( X G Dj V X G D2 ) = ( X G U Z >2 ) , 


(41) 


( X G Dj A X G £>2 ) = ( X G Z)[ n D2 ) . 


(42) 




□ 



The definition of C-uncertain variable is based on C-uncertain logic. Then the 
properties (28), (47) are satisfied. According to (22) and (32) 

Vcixi D^) =v^{xe D^) . (43) 



Inequalities (30) and (31) may be presented in the following form 
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vjxi Z)i UD 2 ) > max {v, (xe Di), D 2 )} , (44) 

( X i Z)[ n D 2 ) < min { ( x i Z)j ) , ( x g Z )2 ) } . (45) 

The function v^(x = x) = h^{x) expressed by (29) may be called a C-certainty 
distribution. The formula (39) may be presented in the following way 



V,(XG 



— max /i(x) =— v(x G T)^) if max /t(x) = 1 

2 xeD^ 2 

1-— m^ h{x) = v{xe D^)-—v{xe D^) otherwise. 

2 xeD^ 2 



(46) 



In particular, for = {x} 



h^{x)= \ 



1 



— h{x) 

1 

2 3cgZ-{a:} 



if max h{x) = 1 

3cgX-{x} 

otherwise . 



(47) 



For the further considerations we assume X (A:-dimensional real number vector 
space) and we shall consider two cases: the discrete case with = {xi,X 2 ,...,X;^ } and 
the continuous case in which h{x) is a continuous function. It is easy to see that in the 



continuous case h^{x) 



1 

2 



h{x) . 



Note that the certainty distribution h{x) is given by an expert and C-certainty 
distribution may be determined according to (47). The C-certainty distribution does 
not determine the certainty index v^(xg O^). To determine v^, it is necessary to 
know h{x) and to use (46). The formula (46) shows the relation between the certainty 
indexes v and : if X and then < v . In comparison with 

uncertain variable, C-uncertain variable has two advantages: In the definition of 
y^(xG D^) the values of h(x) for are also taken into account and the logic 
operations (negation, disjunction and conjunction) correspond to the operations in the 
family of subsets (complement, union and intersection). On the other hand, the 
certainty indexes for disjunction and conjunction are not determined by the certainty 
indexes v^(x g Z)[) , v^(x g D 2 ) , i.e. they cannot be reduced to operations in the set 
of certainty indexes v^.(x g D^) .We can define a mean value M{x) in the similar 
way as for the random variable. In the discrete case 
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For C-uncertain variable M^c is defined in the same way, with he in the place of h. 

In the continuous case h^{x) = ^h{x) , then h^ix) = h(x) and In the 

discrete case ~ > if ^he dispersion in the certainty distribution is great. 

To compare uncertain variables with fuzzy numbers, let us remind three basic 
definitions of the fuzzy number in a wide sense of the word, i.e. the definitions of the 

fuzzy set based on the number set X = \ 

a. The fuzzy number x{d) for the given fixed value X is defined by X and 
the membership function ju{x, d) which may be considered as a logic value 
(degree o/trut/;) of the soft property "ifx = x then x = d". 

b. The linguistic fuzzy variable x is defined by X and a set of membership 
functions Ri{x) corresponding to different descriptions of the size of x (small, 
medium, large, etc.). E.g. R^{x) is a logic value of the soft property "if x = x 
then X is small". 

c. The fuzzy number x{co) (where coe Q was introduced at the beginning of this 
section) is defined by X and the membership function Ri^{x) which is a logic 
value {degree of possibility) of the soft property "it is possible that the value x is 
assigned to O)". 

In the first two definitions the membership function does not depend on , in the 
third case there is a family of membership functions (a family of fuzzy sets) for 
coe £ 2 . The difference between x(d) or the linguistic fuzzy variable x and the 
uncertain variable x{co) is quite evident. The variables x(co) and x(co) are 
formally defined in the same way by the fuzzy sets {X,fi^{x)) and {X,h^{x)), 
respectively, but the interpretations of /<^(x) and h^{x) are different. In the case 
of the uncertain variable there exists a function x = g{co) , the value x is determined 
for the fixed co but is unknown to an expert who formulates the degree of certainty 
that x{co) = x for the different values xeX. In the case of x{co) the function g 
may not exist. Instead we have a property of the type "it is possible that P{co,x ) " 
(or shortly speaking "it is possible that the value x is assigned to O ) ") where 
P{co,x) is such a property concerning o) and x for which it makes sense to use 
the words “it is possible”. Then ju^^ix) for the fixed co means the degree of 
possibility for the different values xe X , given by an expert. From the point of 
view presented above x(co) may be considered as a special case of x(co) (when the 
relation P{co,x) is reduced to the function g), with a specific interpretation of 
jJ-J^x) = /i^(x) . The further difference is connected with the definitions of 
w{x e D^) , w{x i D^) , w( x e Z); v x g £>2 ) w( x g Dj a x g D2 ) . The 

function w{x e D^) = m{D^) may be considered as a measure defined for the 
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family of sets . Two measures have been defined in the definitions of the 

uncertain variables: v{x e D^) = Jn(D^) and v^(x e D^) = m^(D^) . Taking into 
account the properties of m and , and comparing them with known cases of 
fuzzy measure (belief measure, plausibility measure and possibility measure which is 
a special case of plausibility measure - see e.g. [ 8 ] ), it is easy to show that iw is a 
possibility measure and trie is neither belief nor plausibility measure. 

4 Analysis and Decision Making Problems for Uncertain Systems 

Let us consider a static system with input vector ueU and output vector ye Y , 
where U and Y are real number vector spaces. When the system is described by 
a function y = F{u) , the analysis problem consists in finding the value y for the 
given value u. The problem may be extended to the system described by a relation 

upy^ R{u,y)(zUy.Y in the following way (see [ 1 , 3] ): for the given R and 
where u& is a given input property, find the smallest set Dy such 
that the implication ueD^^yeDy is satisfied. Then 

Dy={yeY-. \j {u,y)e R\ . (49) 

W€ Dy 

The relation R may have the form of a set of equalities and inequalities concerning 
u and y. Consider now the functional system described by y = F{u,x) and the 
relational system described by R{u,y,x) <^UxYxX where xe X is an 
unknown vector parameter which is assumed to be a value of an uncertain variable x 
with h^(x) given by an expert. Then y is a value of an uncertain variable y and 
for the fixed u, y is the function of x: y = F{u,x). 

Analysis problem for the functional system may be formulated as follows: for the 
given F, h^{x) and u find hy{y) for y . Having hy{y) one can determine My 

and 



y* =arg max/i^(y), i.e. hy(y*) = \. 
ref 



Using (33) one obtains 



hy{y,u) = v(y s y) = max h^{x) 

xe. iy;u) 



( 50 ) 
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where y,u) - {xe X \ F{u,x) - y} , If F as a function of x is one-to-one 
mapping and x = F~^{u,y) then 



hy{y;ti) = h^[F \u,y)] 

anA y* = F {u,x*) where x* =aigmaxh^{x) . From the definition of the certainty 
distributions h and he it is easy to note that in both continuous and discrete cases 
y* = y* where y* = arg maxh^iy) . 

Analysis problem for the relational system may be formulated as follows: for the 
given R, h^(x) , £)„ (i.e. the property is satisfied) and Ay (zY, find 

Using (49) we can determine Dy{x) for R{u,y,x). Then 

Ay) = v[xe D^{Ay)^= max h^{x) ...x 



where 



DAAy) = {xeX-. Dy{x)^Ay). (52) 

In the case when x is considered as C-uncertain variable it is necessary to find v 
(51) and 

v(y^Ay) = v[xeD^{Ay))= max h^{x) . 33 x 

xeDFAy) ■ ^ 

Then, according to (39) withy in the place of v, 

Ve(yeAy) = ^[v(yeAy) + l-v(yiAy)]. (54) 

Example 1 ; Let u, xe R^ , ye R^ , y = x^^'*u^^^+x^^'*u^^\ e { 3,4,5,6} , 
x^^^ e { 5, 6, 7 } and the corresponding values of h^i , h^2 given by an expert are 
(0.3, 0.5, 1, 0.6) for and (0.8, 1, 0.4) for x^^^ . Assume that x*'^ and x*^^ 
are independent, i.e. h^{xf \x^P) = vnm{h^^{xf^), h^2^x^P)} . Then for 

x = (x®,x<2i)e {(3,5), (3,6), (3,7), (4,5), (4,6), (4,7), (5,5), (5,6), (5,7), (6,5), (6,6), 
(6,7)} the corresponding values of are (0.3, 0.3, 0.3, 0.5, 0.5, 0.4, 0.8, 1, 0.4, 0.6, 
0.6, 0.4). Let = 2 , = 1 . The values of y = 2x^*^ -i-x^^^ corresponding to the 

set of pairs (x^'\x^^^) are the following: (11, 12, 13, 13, 14, 15, 15, 16, 17, 17, 18, 
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19}. Then = = 0.3, hy(\2)^ A/13) = max {/t;,(3,7), 

K{A,5)} = 0.5, ^14) = A,(4,6) = 0.5, hy{\5) = max { /t,(4,7), h,{5,5) } = 0.8, 

^16) = h{5,6) = 1, ^17) = max { h,{5,l), h,(6,5) } = 0.6, hy(l8) = h(6,6) = 0.6, 

^ 

/tj,(19) = /tx(6,7) = 0.4. For hy(y) we have j =16, and using (48) for y we 
obtain hy=5, = 15.4 . Using (47) we obtain the corresponding values of 

hy,{y): (0.15, 0.15, 0.25, 0.25, 0.4, 0.6, 0.3, 0.3, 0.2), y*=/=16, 

v^(ysl6) = 0.6, =2.6, My^=l5A3--My. □ 

For the functional system y = F{u) the basic decision problem consists in finding 
the decision u for the given desirable value y . It may be extended to the relational 
system in the following way (see [1, 3]): for the given R{u,y) and Dy(^Y where 
y e Dy is a desirable output property, find the largest set D„ such that the 
implication ue ^ y e Dy is satisfied. Then 

D^={ueU: Dy{u)^Dy} (55) 

where 

Dy{u) = {yeY\{u,y)eR{u,y)}. (56) 

Consider now the system with the unknown parameter x. 

Decision problem for the functional system: for the given F(u,x), hjyc) and the 
desirable value y find the decision u maximizing v{y = y) . To solve the 
problem one should determine hy{y\u) according to (50) and 

u = arg max/i (y; u) . 

ueU 



We can obtain u by solving the equation F(u,x ) = y where 

X =arg maxhy{x). In Example 1 we have x =(5,6) and the set of solutions 

u = (u^^\u^^^) satisfying the equation 5 m*^*^ = y . Since y* = y* , then 

u = u^ which means that the result for the C-uncertain variables is the same as for 
the uncertain variable. We can consider another version of the decision problem 
consisting in finding u such that My{u) = y. Now may differ from u if 

My,^My. 

Decision problem for the relational system: for the given R{u,y,x), h^(x) and 
Dy (where y^ Dy is a desirable output property) find u maximizing v{yeDy). 
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To solve the problem one should determine Dy{u,x) and Dj^{x) according to 
(56) and (55) with {u,y,x)e R{u,y,x) in the place of {u,y)e R{u,y) . Then for the 
fixed u 



v(>’ G D^) = v(m) = v[m G Dj,(x)] = v[x e D^(m)] = max h^{x) (57) 

XG Dy-{u) 

where 

D,{u) = {xeX-.ueD^x)} (58) 

and u = argmax v(m) . When x is considered as C-uncertain variable it is necessary 
to find V (57) and 



v{y^ Dy) = v[xe D^{u)]= max h^{x) . 

XG D^{u) 

Then, according to (39) with y in the place of x , 

Vciy^Dy) = v,{u) = ^[v{ye Dy) + \-v{ye Dy)] (59) 

and = argmax v^{u) . Let us note that in both cases (functional and relational) the 
solution u (or u ^ ) may not exist or may be not unique (as in the deterministic 
system without x). 

Example 2: Let u, y, xe R^ , the relation R is given by inequality xu< y< 2xu , 

Dy=[y\,y 2 \, Ti>0, y2>2yi. Then = [^ ,^~\ , D^{u)=[^,^]. 

Assume that x is a value of an uncertain variable x with triangular distribution h,:{x) 
determined by (0, 1) . It is easy to note that u is any value from [ 2yi, y 2 ] and 

v(m) = 1 . Using (59) we obtain 

when M > _V[ + 0.5_V2 
when yi<u<yi+ 0.5^2 

when M < _V[ . 



Vc(m) = 



Zl 

2m 

i_Zl 
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It is easy to see that u^= yy+ O.Syj and v^(m^) = - — - — . E.g. for y\=2, ^2^12 

2yi +yi 

the results are the following: mg [4, 12] and v=l, = 8 and v^=0.75. □ 

5 Computational Aspects 

The application of C-uncertain variables (i.e. instead of v) means better using the 
expert’s knowledge, but may be connected with much greater computational 
difficulties. In the discrete case, when the number of possible values of v is small, it 
may be acceptable to determine all possible values . Let us explain it for the 
decision problem and relational plant. Assume that X = {xi,...,x„,} , U = {mj ,...,m^ } , 
Y = {y^,...,y^} . Now the relation R{u,y,x) is reduced to the family of sets 
Dy <^Y, iel,p , jel,m, and the algorithm for the determination of m is 

the following: 

1. For (i = 1, ... ,p) prove if 

, j=l,2,...,m. (60) 

If yes then x^^^ g . For j = m we obtain the set . 

2. Determine according to (59): 

1-y max hy{x) if x eDy(u^‘^), 

V.=J xeD^(u^‘'>) 

^ci Y 

— max hy{x) otherwise 

^ xbD^{u^'^) 

where x g A is such that h^{x ) = 1 . 

3. Choose i = i such that is the maximum value in the set of determined in 
the former steps. Then u = m^ for i = i . 

Special forms of this algorithm have been elaborated for two special cases of 
R{u,y,x) and =[y,y]: 

1 . c^M <y< d^u where c, d are subvectors of x. 

2. Q<y<u^Qu where g = diagx, x = (x^^\...,x^^^) , x^''^ >0, rel,s. 

For example, in the first case, the second step with (60) is reduced to testing if 
> y and d^u^'^ < y . 

For these cases computer programs have been elaborated and used for simulations. 
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6 Conclusions 

Two versions of uncertain logics have been defined and used in the definitions of two 
versions of uncertain variables. The certainty distributions seemed to be the most 
natural, simplest and practically available description of the uncertainty evaluating 
an expert’s opinion on approximate values of an unknown parameter. The methods 
of the analysis and decision making presented in the paper were used to elaborating 
the computer programs for special cases. The simulations showed a significant 
influence of the parameters in certainty distributions on the final results. 
The uncertain variables may be applied to uncertain systems described by a logical 
knowledge representation [2, 6] and may be combined with an idea of learning for 
knowledge-based systems [4, 7]. 
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Abstract. In this paper, a direct sliding control learning strategy is 
combined with a fuzzy system with variable granularity to achieve diffe- 
rent precision requirements in different zones of the state-space; non-local 
basis functions are also added. A coordinate transformation gives a clea- 
rer meaning over performance evaluation and the fuzzy system operates 
on this transformed space. 



1 Introduction 

There are many control design techniques, being its basic role to act on a system 
according to some goals and information from the system and the environment. 
It is almost impossible to fully model the behaviour of the system, the actual 
scenario and the detailed requirements. Thus, there have been many attempts 
to provide some kind of learning to the controller, in order to cope with new 
situations not fully considered at the initial design stage, from mere parameter 
adaptation to a full-scale decision system. 

One of the approaches to robust control of partly-known nonlinear systems 
is to use variable structure (sliding mode) controllers [8,1], if the system model 
can be expressed in control-affine form x = f{x) + g{x)u and a pseudo-output 
s = h{x) can be defined so that it has unity relative degree and s{t) = 0 implies 
asymptotic convergence of the output to zero. For inverse-stable systems, the sli- 
ding variable s(t) is usually formed as a linear combination of output derivatives 
s = ^ such that s = 0 is a stable linear differential equation. 

Sliding controller produce a discontinuous control, synthesised based on 
known model error bounds. Even if stability is guaranteed, a high control ac- 
tivity results if those bounds are overestimated (the limit case is a switching 
control law). Furthermore, commutation at sampling frequency (chattering) and 
errors due to discretization are present. The high frequency components can ex- 
cite unmodelled dynamics so robustness can be degraded. Filtering, dead-zones 
and small sampling periods are used to solve these issues [3]. 

The sliding mode idea is well suited to learning and adaptation because the 
temporal credit assignment problem has an easy solution: the blame for unsa- 
tisfactory performance can be credited to the immediately past control action. 

A learning scheme can act upon the overall system by improving a learned 
model, thus reducing the uncertainty bounds (to be estimated) or directly acting 
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on the control actions by increasing or reducing the control activity based on 
performance evaluation. 

Some continuous-time adaptive approaches to this problem are reported in 
the literature if initial error bounds are not known [7]. Other learning algorithms 
in the literature (for example, [6]) can be thought of as variations of the sliding 
strategy, in particular many of those that define performance zones on a phase 
plane. 

In the following, a model-free direct discrete-time adaptive controller is de- 
veloped, so that a pre-specified approach to the sliding surface is achieved. Dif- 
ferent precision requirements are needed in different zones of the state space. 
Hence, the controller divides the state space in coarser partitions as the sliding 
variable increases. Interpolative fuzzy models will be used to model a controller 
u{k) = f(x,r). 

In the coarsest zone, even a saturating control action could be appropriate 
(for stable processes) in the sense that it produces no chattering. In the fine 
zone, control actions have to be modulated to keep the discrete-time system into 
a quasi-sliding mode [3]: the true sliding regime is not attainable due to the 
finite sampling period jointly with the approximation error of the fuzzy system 
used as a controller. 

2 Sliding-Mode Control 

Sliding-mode (variable-structure) control [8] is now a classical strategy to control 
a class of systems with the following characteristics: 

— The system dynamics can be described by = f{x) g(x) * u 

— The system state is measurable, and the zero dynamics is stable. 

Let a reference signal r{t) be defined, as well as a reduced-order stabe target 
dynamics for the closed loop error e{t) = r{t) — y{f) : 

.... ^ ... 

+ + + = 0 ( 1 ) 

This target dynamics is called sliding mode regime, chosen by the designer accor- 
ding to control specifications. It is a linear combination of system state variables 
and reference derivatives, assumed a smooth enough reference. The usual choice 
is the critically damped (J^ -I- 1)” dynamics. 

By derivation with respect to time of (1) and substituting the process equa- 
tion, an expression such as = P(r, x) — /(x) — g{x)u can be obtained, 

where x = , . . . , ^,y) and P{r, x) can be calculated from measurements. 

The controller is synthesised by calculating the interval of control actions u 
such that a convergence condition is met, such as: 

, . ds 

sign(s)— < -r] 

that will ensure convergence to s = 0 in finite time. 



(2) 
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The control action is discontinuous, as it depends on sign(s) and the uncer- 
tainty in / and g. This discontinuity is called chattering. Dead zones on s can 
diminish this high frequency control activity. 

When using discrete-time versions of sliding controllers (such as the ones 
obtained by numerical discretisation of continuous-mode ones) then chattering 
around the sliding regime becomes an oscillation with frequency Ws/2. If this 
oscillation has bounded amplitude A it is named a quasi-sliding mode [5] . 

In the discrete case, fulfilment of reaching laws such that |5'fc+i | < \Sk \ ensure 
closed-loop stability. Usual reaching laws are |S'fc-i-i| = 0 or S'fe+i = aSk (equiva- 
lent to pole-assignment in perfectly known systems). Unfortunately, uncertainty 
makes impossible to design a discrete controller fulfilling the reaching law all 
over the state space, specially for small |S'(fc)|. That’s the reason quasi-sliding 
behaviour is present in the discrete case. 



3 A Learning Sliding Controller 

The controller will control a continuous-time sliding function via a discrete con- 
troller implemented by a universal function approximator such as fuzzy systems. 
Many standard fuzzy and neurofuzzy techniques [4,2] used in intelligent learning 
control can be cast into the form: 

f(p) = ^P^{p)h 

so that for each fXi (membership of basis function) there exists a point pi such 
that Pi{pi) = 1. That point is called the “vertex” or prototype center point of 
the basis functions. 

Some considerations will be made to apply them to the sliding control fra- 
mework: 

The first one is that the sliding variable s{t) is not a state variable because it 
directly depends on the reference, but a state variable can be formed by adding 
to it the appropriate reference and reference derivatives. From now on, it will 
be assumed that derivatives of the reference are zero (i.e., the system is to track 
constant references). Under that assumption, a linear transformation exist so 
that the operation space (x, r) (composed by the plant state and the reference) 
is mapped to (s,s'’-,r), where s-*- is a n — 1 dimensional basis orthogonal to s, 
being n the plant order. 

The first distinctive feature here proposed is that the controller will be a 
non-linear fuzzy interpolator given by: 

u{x,r) = 

i.e., the control surface will be defined on the transformed space, instead of the 
common setup u{x,r) = pi{x,r)ui. In that way, different precision require- 
ments in the controller are easier to incorporate: when satisfactory closed loop 
performance will be achieved, the controller will operate nearly always in the 
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“small s” region. For big values of s sliding control can be approximated even 
with bang-bang actions so precision requirements are far less. 

Based on the previous idea, a special node arrangement is set up, in which 
precise steady state control is ensured via a fine granularity near the (s, s-'*) Ri 0 
region, but a much coarser granularity is gradually used away from that points. 
In that way, the number of nodes is reduced hence giving a regulator with fewer 
parameters. 

In the referred arrangement, the distance between node centers increases 
geometrically as s and s"’~ get away from the origin (see figure 1). Partiti- 
ons are set up along each dimension so that the nodes pk on them verify: 
d{Pk^Pk+i) = l3d{pk-i,Pk)- Notwithstanding, the final global setup is not the 
cartesian product of those partitions, unlike many usual fuzzy system configu- 
rations. Some additional operations will be made. 

The geometric multiplication factors Pi are different for each of the dimen- 
sions: precision is needed when s is small, whatever the value of s'*" is, so scat- 
tering along S'*- is more uniform (a uniform scattering corresponds to P = 1). 
Anyway, high values of indicate that the system isn’t near the steady-state 
point, even if the sliding mode has been reached (s ~ 0), so actual precision 
requirements are less and nonuniform partitions along that dimension is hence 
justified. 
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Fig. 1. Centroid spacing 



In this way, a precise approximation inside a small user-defined dead zone e 
around s = 0 is achieved without sacrifice of memory and generalisation capa- 
bilities. The sliding variable values in which nodes are placed are {0, ±e, ±/3e, 
±/3^e, . . . }. A similar approach is taken in the s-*- coordinates, but with a e* value 
that increases with s, so the final arrangement is not a cartesian-product one, as 
previously mentioned. Appropriate straightforward modifications to usual fuzzy- 
interpolation routines are made to deal with the nonuniform sampling points 

(fig !)• 

In this way, a fine control is learnt at or near the quasi-sliding surface, and a 
coarser control law is applied if far from it. The fine control will allow reducing 
the chattering magnitude, and the coarser one will enable better generalisation. 
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A totally saturated coarse action u = MmosSign(s) is taken when either |s| > sq 
or |s"*“| > si- 



3.1 Learning Algorithm 

A desired Sk+i is calculated according to a pre-specified reaching law, given Sk- 
After applying the controller action, error Ck+i = S^+i — Sk+i is obtained. 

After determination of a variable dead zone (function of closed-loop precision 
requirements and the increasing approximation error due to decreased granula- 
rity of the fuzzy system) in the form d{s) = do + di * |s|, the error is suitably 
reduced to 

The change in parameters follow the law Aui = where 77 is a learning 

rate. Knowledge of the sign of the plant gain is assumed. If parameter increment 
produces an a posteriori control action above saturation limits, an antiwindup- 
like strategy is applied, in such a way that parameter increments are scaled 
down, thus avoiding drift. 

Learning speed depends on 77 and the unknown process gain. At reduced 
learning rate, reduced sampling time is similar to the discretisation of analog 
sliding-mode adaptive control [7] . Very high learning rates would lead to a ±Usat 
switching worst-case performance. In any case, that would lead to chattering si- 
milar to a binary switching controller, but it will not destabilise a stable process. 
Chattering may appear if the number of nodes is too reduced to properly ap- 
proximate the needed controller for small values of the sliding variable. 

To improve generalisation and allow a more reduced number of overall nodes, 
some of the regressors p,i{x, r) have been set to non-local functions, in particular 
to r, s, s^, tanh(s/e), and g-*-, with a reduced learning rate. 

Example: The previously outlined algorithm has been tested with a simulated 
nonlinear spring second-order mechanical system (figure 2) whose equations are: 



I = -b (u - y)2 (3) 

/ = {u — y)/l * k * {atan{kp * {I — Iq)) + kh) (4) 

(fx 

—TT = f — 0.125 * V — 0.06 * sign(v) (5) 

dt^ 

with physical parameters being h = 1 ,Iq = 0.85, k = 2, kp = 1, kh = 0. 

Figure 3 shows the behaviour in the first iterations and figure 4 illustrates 
the final results. In the simulations, the reaching law was S'fe+i = 0.625'^ for 



|s| > do and Sfe+i = 0.95'^ for |s| < do, where do is an user-defined deadzone 
where quasi-sliding mode behaviour is assumed satisfactory, set to 0.01. The 
granulation had 6 nodes over the s and r variables and a maximum of 10 nodes 
in S'*" (for small s). 
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Fig. 2. Example system 




Fig. 3. Initial behaviour 





(a) Final phase plane (b) Outpnt response 



Fig. 4. Learning results 



4 Conclusions 

In this paper, a fuzzy system approximator plus nonlocal basis functions is used 
for learning direct sliding control, learning how to reach the sliding regime ac- 
cording to a pre-specified reaching law. 

As precision requirements are different depending on different regions of the 
state space, a progressive granularity reduction is made for big values of the 
sliding variable. The coarse-fine control transition is efficiently implemented via 
a change of coordinates that transform the state-reference space into another one 
with the r,s and s'*" variables as their axes. Partitions on this space have a clearer 
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meaning towards performance evaluation. Granularity reduction and nonlocal 
basis functions allow for a more reduced number of controller parameters, thus 
enhancing generalisation. 
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Abstract. The paper presents a set of new non-parametric and parametric 
identification algorithms oriented to using within the input/output system 
description. A purpose of elaborating the identification techniques is to involve 
as broad as possible, to some extend, classes of stochastic system descriptions, 
both linear and nonlinear ones, assuming that the lack of knowledge with 
respect to the system may vary from unknown system parameters to unknown 
system structure at all. 



1 Introduction 

A control problem solution considerably depends on a choice of the investigated 
system model to be used within the control process. An approach to analytical 
description of various systems is based on input/output model description. Within 
this, deriving an explicit dependence between input and output of the investigated 
system plays an important role. Such a dependence should ensure an adequate 
approximation of the system considered by an effective, from a practical point of 
view, manner. In other words, the identification problem takes an important place 
within a control process, being a necessary preliminary step when the investigated 
system model is unknown to some extent. Conventionally, identification problems are 
classified as structure identification, nonparametric identification, and parametric 
identification. Such a classification is motivated by body of knowledge available with 
respect to the investigated system model. In turn, body of knowledge about the model 
may vary from lack of information on the model structure at all to uncertainties in 
values of the model parameters. Thus, aim of the paper is to present an algorithmic 
toolkit suitable within the conditions outlined and to be used for intelligent control 
systems design. 



2 Structure/Nonparametric Identification 

When considering nonlinear stochastic systems, the most general identification 
approaches are based on using non-parametric methods. In turn, solving non- 
parametric problems is considerably influenced by a choice of a measure of stochastic 
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dependence of random processes. Among the measures, the ordinary product 
correlation functions as well as the disperssional functions [1] 



^yx(v) = ^ 





V 






, v=t-s 



are commonly used. Throughout the paper, symbols M (•) , D (•) , M 



and 



cov (•,•) will respectively stand for the mathematical expectation, variance, 

conditional expectation, and covariance. However, the functions are known to be able 
to provide restricted magnitudes of actual stochastic dependence, especially within 
nonlinear problems. In particular, the product correlation and disperssional functions 
may vanish provided that there exists a deterministic dependence between the input 
and output variables of a system [1-3]. Thus, the most suitable way within the non- 
linear system identification is based on using consistent, following to Kolmogorov’s 
terminology, measures of dependence. Consistency of measure of dependence 
ju{x,y) between random variables x and y means that n{x,y)=0 if and only if x 
and j are stochastically independent, with j^{x,y)=\ if there exist a deterministic 
functional dependence between x and y . Among the consistent measures, the 
maximal correlation function [4] is, say, of a “covariance nature”: 



Syx(v)= sup COV (B(y(0),c(x(5))), v = t-5, (1) 

M(B(y(0))=M(C(x(^)))=0, 

D(B(y{t))) = D(C(x(^)))=l. 



In contrast to the correlation and disperssional functions, the maximal correlation 
function is a complete characteristic of link between random processes. It also should 
be noted that there exists an example [4] when actual dependence between the input 
and output variables is nonlinear even provided that the regression of a variable onto 
another one and vise versa is linear. For the example, such a dependence is properly 
handled ultimately by the maximal correlation. 

A problem statement naturally leading to using the maximal correlation function of 
input and output processes of investigated systems is as follows. The model’s operator 
is searched for as a linear dynamic mapping ^^of a nonlinear input transformation ^ 
into a nonlinear output transformation ^ : 

B y(t) = A C x(s) . (2) 



Within the problem, the all three components are subject to identification in 
accordance with minimization of the mean squared error value: 

j{A ,B,C) = d(b y{t)-A C x(5)). 

j ^ \ 

Formally, one should find the operator triplet [A ,B ,C I meeting the condition 
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U ,B ,C )=arg inf J(A ,B,C), 

d(b = x(5))=1. 

A structural scheme corresponding to the problem statement is presented at fig. 1 
where Ni{») and A^2(*) are some nonlinear transformations, L{») is a linear dynamic 
operator. Within the notations, above operator ^ is considered as inverse, in some 
sense, to transformation A^2(*)- 




Fig. 1. A stmcture scheme of the system model identification based on the maximal correlation 
function approach 

Obviously, such a representation covers a broad class of systems. If B =C =1 , 
with being the identity transformation, relationship (2) corresponds to conventional 
linear system representation 

y(t)=A x(s). 

If B =1 and ^ is a nonlinear static one y^(-) then (2) describes a class of 
nonlinear systems which is referred as Hammerstein systems: 

y(t)=A f{x(s)). 

The systems are obtained by nonlinear static gain followed by linear dynamic one. 

If C = I and a nonlinear static transformation, relationship (2) represents 
systems which may be thought of to be of the Wiener type. The Wiener models are 
obtained by sequential linking linear dynamic and nonlinear static y^(-) gains, with 
the transformation ^ being considered to be inverse to the nonlinear characteristic of 
the Wiener model: 
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T(0 = /^ 

For a case when the operators ^ and ^are conditional mathematical expectations, 

BrW = M{-;/(,)}.Cx« = M{-;/(^)}. 



where Z 2 are some random elements, representation (2) gives rise to the 
disperssional type models [1] 

A concrete form of the above model is determined by corresponding choice of 
elements zj and Z 2 . Say, for the case zj = Z 2 = y(t) the former expression 
corresponds to the linear in mean models [1], i.e. the models which are linear in the 
conditional mathematical expectation of the output process with respect to the input 
one, i.e. 



r('*=A m| }. 

In accordance with the above problem statement, the identification scheme is 
separated onto two stages. At the first one, the only nonlinear transformations of the 
input and output processes are determined in accordance with the condition of the 
maximal arithmetization [5] of probability distribution given by the joint distribution 
density of the input and output random processes. Within the context, the maximal 
arithmetization assumes determining a pair of transformations of the input and output 
processes, which provide maximization of the correlation function of the processes in 
accordance with expression (1). 

From another hand side, such a pair of transformations is just the pair of the first 
eigenfunctions corresponding to the largest (except unity) eigenvalue of the stochastic 
kernel K(y,x,v) given by the joint p(y,x,v) and marginal p(y),p(x) distribution 
densities of the input and output processes [5-7]: 



K(y,x,v) 



p(y,x,v) 

4p{.y)p(x) 



In turn, this largest eigenvalue is the maximal correlation. Thus, within the approach 
described, choice of the nonlinear transformations of the input and output processes is 
completely formalized. Such a choice does not require any heuristics, restrictive 
assumptions on distributions of the random processes, or assumptions that the 
nonlinear transformations belong to a parametric family. 

At the second stage of the identification scheme, following to conventional 
techniques in accordance with the mean square error criterion, the linear mapping is 
determined by use of the nonlinear transformations obtained at the preceding stage. 
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Also, provided that the all three components of the identification problem are 
obtained, the identification scheme may be supplemented by a procedure of 
determining a statistical equivalent transformation which is inverse to the output 
transformation. This finally leads to the conventional input/output description based 
on a relationship which is solved with respect to the output process. 

In the fullness of time [1], to express quantitatively nonlinearity of a system, a 
notion of degree of nonlinearity has been introduced. Within the disperssional 
identification, such a measure is derived by a comparison of the ordinary product 
correlation function and the disperssional function of the input and output processes 
as follows 



ridisp(y) 




olM 



with Ky^{v ) , Oyx(v) standing for the product correlation and cross-disperssional 
function as defined above. 

At the same time, the approach presented, enables one to improve the characteristic 
of nonlinearity by introducing a corresponding comparison between the ordinary 
product correlation and the maximal correlation functions of the input and output 
processes of a system, i.e. 



.{v) = . 



1 - 






S%(v) 



with 77jjj2j,coiT('^)'^^'^ishing if and only if all the transformations (B,C) are linear 
ones. Obviously, 



^maxcorr (v) ^ tep(v) • 



In addition, using the maximal correlation enables one to introduce another 
measure of nonlinearity, the degree of nonlinearity in mean. Such a measure is based 
on comparison of the disperssional and the maximal correlation functions: 



^mean 




Oyxit,s) 
Syx(t,s) ' 



Correspondingly, vanishing such a measure means the system under study is linear 
in mean, that is linear in conditional mathematical expectation of the output process 
with respect to the linear one. 

Some examples may be presented which demonstrate usefulness of such 
quantitative characteristics introduced. Consider a simple (static) input/output system 
for which the joint distribution density (not known in reality, of course, within an 
identification problem statement) of the input and output variables has the following 
form [4] 
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P(x,y) = 
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where 



Hk(x) 



(-1)^ y/2 d’' -yPl2 
dx^ 




Kk-\) ^ 
l!-2 



with Hj^{x) being the Hermite polynomials. 

For the system, the degree of nonlinearity based on the disperssional function is 
equal to zero, while that of based on the maximal correlation does not: 

77 = / 

'I max corr ■ 

For another system, let the joint distribution density of the input and output 
variables be as follows [3] 



P- 1 / = 1 



x^ + y^ — 2Axy 



2 1-/1^ 



+ 



+ 



4k^Ji-/^ 



■exp 



x^ + y^ + 2Axy 



2 1-/1^ 



, with U| < 1 . 



Then, for such a case, the corresponding disperssional characteristic is undefined, 
while the degree of nonlinearity and degree of nonlinearity in mean both are equal to 
unity. 

Thus, the technique proposed enables one: 

- to split the nonlinear system identification scheme onto simpler sequential stages, 

- to achieve completely formalized choice of nonlinear input and output 
transformations without any heuristics, and a priori assumptions on distributions of 
the random processes, or that the transformations to belong to a parameterized 
family, 

- to use a consistent measure of dependence of random processes, the maximal 
correlation function, which properly reflects the actual inherent stochastic linking 
between the processes. 
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- to derive a nonlinearity measure of the system under study, with the measure being 
more accurate in comparison with those of based on ordinary product correlation 
functions, or disperssional functions. 



3 Parametric Identification 

An opposite case to the nonparametric approach considered above, is concerned with 
unknown system parameters. When the system model is unknown up to values of 
parameters, the parameterized description of the models are commonly used as a 
prediction y(t, d) of future values of the output process y(t) [8] where (for the linear- 
in-parameters systems) 

y{t) = e* (p{t) + v(t). 

* 

Here 0 stands for the model parameter vector, with 6 standing for the truth system 
parameter vector. Within such a case, the main attention is focused on deriving 
recursive parameter estimation algorithms. Conventionally, recursive parametric 
identification involves least square algorithms, extended and generalized least 
squares, maximum likelyhood, and instrumental variables. In turn, choosing a 
technique among them is based on the available information on disturbances v(t) 
affecting the system. 

For instance, known optimal algorithms and optimal on a class algorithms derived 
for identification of ARMAX (Auto Regressive Moving Average with eXogeneous 
inputs) models considerably use the disturbance model representation as a moving 
average process of some known order. Deriving such algorithms is based, in entity, on 
using the maximum likelyhood method. Similar assumptions on the external 
disturbances model structure are used within a number of optimal instrumental 
variables algorithms. And some general enough approaches, which are based on 
considering the disturbance model as an autoregressive moving average process, 
require information on orders of degrees of the corresponding polynomials of the 
disturbance filter, that is the disturbance model structure is also assumed to be known. 

From another hand side, unknown disturbance model structure is just the natural 
limitation of an identification problem, while deriving optimal algorithms is based on 
accounting such a model. In turn, a number of identification problems may require 
both obtaining system parameter estimation and determining disturbance model. 
Another case of a problem statement may be concerned ultimately with identification 
of the system parameters. Within the former case, using an optimal algorithm seems 
to be not necessary while using an algorithm, which does not require involving 
disturbance model, would be acceptable. Thus, the consideration has been focused on 
recursive parametric identification of dynamic systems of the above form affected by 
a disturbance having a completely unknown model structure. 

Under unknown disturbance model structure, the only way to obtain unbiased 
estimates of the system parameters is using the instrumental variable methods. 
Among them, the ovedetermined extended instrumental variable method originally 
proposed by Stoica and Soderstrom [9-11] is the most general one. In entity, 
identification criterion corresponding to such a technique may be expressed as a 
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condition of coincidence of a generalized covariance function of the output system 
process and the instrumental variable vector, from one hand side, and the predicted 
output process and the same instrumental variable vector, from another hand side: 

0 = argmin/(0) , 

0 

In the above relationship, 

Ky,=u[z{t)F{q-^)y{t)], 

Ky,{0) = u[z{t)F{q-^)y{t,0)] 

are the cross-covariance functions of the instrumental variable vector Z(f), 
dimZ(t)>dim0 , and, correspondingly, observed output y{t) and predicted output 

/V /V T /V 

y(t,0) , y{t,0) = 0 ^(t) , with the outputs y{t) and y{t,0) being transformed by an 

asymptotically stable filter F{q~^) . Here g is a positively defined weighting matrix, 

and, conventionally, for a column- vector X, = X QX . 

Conditions, which the instrumental variables are to meet to, are obvious and have 
the form 

M(Z{t)v(5)) = 0 V t,s , rawHVl(z(t)^^(t))=dim^(t) . 

By ergodicity 



lim Z{k)F{q )y{k) = K a.s., 
t^oo t Au ^ 

k=\ 
t 

lim-'V Z{k)F{q~^)y{k,0) = K^^{0) a.s.. 



k=\ 



and criterion (3) may be rewritten in the form 

0 = argmin/(0) , 
0 



•-7 



I 

'^Z{k)F{q-^){y{k)-Kk,0)) 



k=\ 



( 4 ) 



Conventional recursive instrumental variables algorithms are constructed in 
analogy to those of recursive least squares, which have been widely used in problem 
of linear-in-parameters model identification. As well known, the basic idea of the 
RLS algorithm is to obtain parameter estimates by minimizing the sum of the squared 
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errors between the observed and estimated output variables of the model. In the RLS 
algorithm, the initial covariance matrix should be chosen properly to ensure the 
existence of all the estimates in the estimation chain, especially in the ill-conditioned 
situations. It is well known that the covariance matrix may affect the convergence 
rate of the estimates of the RLS algorithm, hence applications to problems requiring a 
fast convergence rate or involving ill-conditioning situations will be limited [12]. 
Some modified versions of the RLS algorithm, being applicable for the ill- 
conditioned situations, are known. These, however, are oriented for a restricted model 
description. In turn, conventional recursive instrumental variables algorithms inherit 
some recursive least square features. Among them, both the condition number of the 
identification criterion Hessian and autocorrelation disturbance properties play an 
important role. These are well known to be able to influence the identification 
processes and lead to unacceptable results. 

In contrast, within the proposed approach, the Hessian inversion is eliminated by 
representation of the recursive identification algorithms as a linear combination of the 
estimate obtained at the preceding algorithm step and the current observation vector: 

e{t) = a{t)e{t-l) + P{t)(p{t) . 

Coefficients o{t). Pit) of such a combination are to be chosen to meet a condition 
suitable within a specified identification problem statement. Following to the 
considered problem assumptions, that is the condition of colour disturbances having 
completely unknown model structure, choosing the above coefficients is implemented 
by described criterion (4) corresponding to the overdetermined extended instrumental 
variables. As a result, such an approach enabled one to obtain a strongly consistent 
recursive identification algorithm possessing increased stability of current estimates 
with respect to sample data. 

A number of examples demonstrate a good efficiency of the algorithm presented 
under various characteristics of systems subject to identification. Figures 2 to 7 
represent the behavior of the current Euclidean identification error square norm 

-0*] corresponding to the algorithm obtained, the solid line 
Ole,, and to the conventional recursive algorithm of the extended instrumental 
variables [13], the dotted line Roiv,. Stability of the algorithm behavior is clearly 
manifested both with respect to the condition number of criterion (4) Hessian 
(example 1 (fig. 2) where the condition number is of order 10^, and example 2 (fig. 3 
and fig. 4) where the condition number is of order lO”), and with respect to the 
external disturbance structure (example 2 (fig. 3 and fig. 4) where the condition 
number is of order 10'* under colour disturbances, and example 3 (fig. 5) where the 
condition number is of order 10“ under white-noise disturbances; example 4 (fig. 6) 
where the condition number is of order 10^ under colour disturbances, and example 5 
(fig. 7) where the condition number is of order 10^ under white-noise disturbances). 




Fig. 3. Example 2 (fine scale): behavior of the current Euclidean identification error square 
norm when criterion (4) Hessian condition number is of order 10^ under colour disturbances 






Fig. 5. Example 3: behavior of the current Euclidean identification error square norm when 
criterion (4) Hessian condition number is of order 10“* under white-noise disturbances 
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Fig. 6. Example 4: behavior of the current Euclidean identification error square norm when 
criterion (4) Hessian condition number is of order 10^ under colour disturbances 




Fig. 7. Example 5: behavior of the current Euclidean identification error square norm when 
criterion (4) Hessian condition number is of order 10^ under white-noise disturbances 
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From another hand side, the fact, that the identification criterion Flessian is ill- 
posed, is not necessary an obstacle for convergence of the recursive schemes based on 
direct minimization of criteria of form (4) (examples 3 and 5). Provided that Hessian 
is ill-posed, just auto-correlation nature of the external disturbances should be 
considered as a significant factor which considerably affects the sample covariances 
forming the identification criterion Hessian components and, finally, worsening 
convergence properties of the conventional identification schemes (examples 2 and 

4). 

As a branch of practical implementation of the approach presented, an example 
may be considered referring to the fault detection problem based on system model 
parameter identification. So, figures 8 and 9 demonstrate, as above, the behavior of 
current Euclidean square norm of deviation of the current system parameters from the 

nominal ones = i^iO~^nom) of Ihe systems from example 1 

(fig. 8) and example 2 (fig. 9) correspondingly. Within the example, before the 2000- 
th time step the vector of the truth system parameters had been corresponding to the 
nominal system parameters, while after the 2000-th time step an abrupt change has 
been appeared. For the case, loose of efficiency of the conventional recursive 
instrumental variable algorithm is clearly manifested, the dotted line in example 2 (fig 
9). This leads to false indications on a possible fault. From another hand side, stable 
behavior of the algorithm presented is expressed both under nominal system 
parameters and under a fault appeared. 




2000 4000 eooo 8000 



Fig. 8. Fault detection in example 1 system 
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ECO 20CD 3000 4000 5000 



Fig. 9. Fault detection in example 2 system 

It is interesting to note that, at fig. 9, the Hessian condition number of the “faulty” 
system, i.e. after the 2000-th time step, is of order 10. This confirms convergence 
properties of the conventional recursive instrumental variable algorithm in accordance 
with the above inference. 



4 Conclusions 

Algorithmic identification tools have been presented covering general enough classes 
of input/output stochastic system descriptions. When applied to nonlinear system 
identification, the algorithms are based on nonparametric approach requiring minimal 
body of a priori assumptions with respect to the considered system. When applied to 
linear-in-parameters systems, the corresponding approach enables one to derive 
computationally efficient recursive algorithms under broad assumptions with respect 
to external disturbances affecting the considered system. As a basic mathematical 
tools both within the nonparametric and parametric approaches the functional 
correlation function, i.e. correlation (covariance) of some transformations of the 
considered processes, has been used. In dependence of a type of investigated system, 
the corresponding transformations may be chosen in accordance with appropriate 
criteria. Such a choice leads to corresponding partial types of the functional 
correlation: the maximal correlation function, the generalized covariance functions. 

Both theoretical and computational examples have been presented illustrating the 
results obtained. 
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Abstract. The paper presents examples of artificial neural networks 
approach for analysis of gas sensors responses. The research focused on 
quantitative analysis of gas mixtures appearing in dry and humid air. 
Despite difficulties in development of selective gas sensors, application 
of neural networks as self tuning signal processors provide construction 
of sensor systems capable of reliable measurements as well as analysis 
of gas mixtures with reasonable accuracy. Possibility of implementation 
of neural processing in low-cost devices enables eventual fabrication of 
microsystems integrating gas sensor matrices with intelligent data pro- 
cessing devices. 



1 Introduction 

Recent development of adaptive neural networks derivates, to a high degree, 
from the theory of Wiener’s filter. This paper presents practical application of 
neural networks for identification of gas compounds appearing in mixtures. 

Authors first focused on detection of dangerous concentrations of methane 
and carbon monoxide, which reveal respectively explosive and poisonous pro- 
perties. Both these gases may appear in houses or boiler-rooms because of leaky 
installations or improper combustion in furnaces. Facing strong need for alar- 
ming or security systems appropriate low-cost solutions should be proposed. The 
authors came to conclusion that most attractive proposition would be chemical 
sensors based on metal oxide semiconductors, especially Sn02. Although these 
sensors reveal poor selectivity and strong dependence on the properties of the 
atmosphere, especially humidity, still according to the literature their lifetime is 
the longest and cost of fabrication very low. Thus a few variants of systems con- 
taining combinations of methane, carbon monoxide and humidity sensors were 
proposed. Both qualitative and quantitative analysis systems were considered. 

Similar approach to volatile organic compound mixtures analysis was found 
to be slightly more difficult task. Sensor matrix was composed of commercial 
TGS 800 series sensors made by Figaro. Long-term experiments involved inve- 
stigation of sensor matrix reaction for mixtures of compounds changing together 
with humidity level. Large amount of data collected provided appropriate pat- 
terns for development of several variants of neural networks. Eventually quan- 
titative analysis of reasonable accuracy was found possible. Implementation of 
developed neural network structures in single-chip microcontroller and dedicated 
digital integrated circuits was considered. 
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2 Gas Sensors 

Gas sensors are classified among chemical sensors. Methane, carbon monoxide 
and vapours of volatile organic compounds reveal combustible properties. Their 
interaction with semiconductor Sn02 sensors relies on oxidation - burning of 
molecules of these gases on the surface of sensor, which then changes its electrical 
conductance: 

G = Go + ap” (1) 

where: 

Go - conductance of Sn02 in clean atmosphere 
a - constant characteristic for the gas (for oxygen it is negative) 
p - partial pressure (concentration) of combustible gas 
n - exponent, characteristic for particular reaction (e.g. for oxygen could be 
from 1/6 to 1/2, for methane 1/3, for carbon monoxide 1/2) 

Generally the sensors are not selective, although appropriate catalysts ad- 
ded to Sn02 semiconductor together with selected temperature of operation 
set, provide increase of sensitivity to desired gas. Thus precise control of sensor 
operating temperature becomes very important issue [1]. 

Gontemporary gas sensors are fabricated with technologies commonly used 
in microelectronic industry. In this case thick film technology was applied. All 
sensor elements are screen-printed on ceramic substrate and fired in appropriate 
high temperatures (Figure 1). 




Fig. 1. Design of thick film gas sensor 



Before the application sensors are measured with special gas installation 
providing transport of desired gas mixture to the chamber with sensors (Fi- 
gure 2) [2]. 

Typical characteristics of the sensors show sensitivity to selected gas depen- 
dence on temperature (Figure 3a) or conductance versus gas concentration for 
chosen fixed temperature (Figure 3b). 
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Fig. 2. Automatic test system for gas and humidity sensor testing 

a) b) 




Fig. 3. Responses of the Sn02 thick film sensors, temperature sensitivity - (a), sensor 
interface output - (b) 



Considering the chart presented in Figure 3b it is visible that methane sensor 
would react for carbon monoxide and carbon monoxide sensor for methane. 
Additionally both sensors were found to be sensitive to humidity. 

In opposition to single gas influence on sensor response, strictly described by 
equation (1), derivating from theory, there is no adequate formula describing sen- 
sors reaction for mixture of compounds. Extensive investigations led by several 
research groups revealed only complex character of interaction between gas mole- 
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cules on the surface of the sensor. Similar problem was found with explanation 
of water molecules impact, i.e. the influence of humidity. Either reverse formulas 
- providing calculation of gas concentrations from sensor matrix responses have 
not been developed yet for the general case. These reasons cause growing interest 
in neural networks application in sensor systems for both qualitative [3], [4], [5] 
and quantitative [6], [7], [8] analysis. 



3 Neural Networks for Analysis of Sensors Responses 

3.1 Methane and Carbon Monoxide 

For the purpose of methane and carbon monoxide measurements the sensor 
matrix was composed of appropriate two gas sensors and humidity sensor [8] . 

The network contained three input units, two hidden layers with 22 neurons 
in each and three neurons in output layers. Sigmoid transfer function was applied 
in all the neurons. The training process involving classical error backpropagation 
(BP) algorithm [9] was performed with Neural Works II software (Neural Ware). 
After 150 thousand of iterations satisfying local minimumwas reached. Accuracy 
of neural network responses was tested on 460 patterns containing responses of 
the three sensors for different mixtures of methane and carbon monoxide, with 
four humidity levels (half of this data was used directly in training process). 

The results of testing are presented in Figures 4 and 5. The two charts show 
appropriate neural network outputs responses versus real concentrations of the 
two gases. In both cases the samples contained also another gas. For methane ou- 
tput the inaccuracy does not exceed 7% of the range whilst for carbon monoxide 
it does not exceed 13%. 

3.2 Volatile Organic Compounds 

Similar methodology was applied for analysis of different volatile organic compo- 
und mixtures containing alcohols and aromatic compounds - benzene, toluene 
and xylene. Six commercial TGS 800 series sensors made by Figaro were cha- 
racterised in appropriate mixtures. The experiments revealed similar reactions 
of all the sensors for all compounds and high sensitivity to humidity. None of 
these sensor applied alone would be capable of reliable measurements of any 
vapour if to assume that compounds would appear together or e.g. the humidity 
would change. This paper focuses on mixtures of butanol and toluene, which are 
commonly used in organic solvents. Both these compounds are known to impact 
human health. 

After initial analysis of data four sensors were chosen for butanol/toluene 
mixtures analysis. In-house developed software tool was applied for construction 
of several variants of neural networks providing translation of sensors responses 
to continuous values determining concentrations of the two compounds. The best 
results were obtained for the network containing four input units, two hidden 
layers with 20 and 30 neurons respectively and output layer with two regular 
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Fig. 4. Neural network responses for methane in mixture 




Fig. 5. Neural network responses for carbon monoxide in mixture 
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neurons. Simple summation of weighted signals and sigmoid transfer function 
were applied in all the neurons excluding ones from input (dummy) layer. 101 
patterns finely distributed in the space of compounds concentrations and humi- 
dity were used for network training and whole data set (ca. 150 patterns) for the 
tests of evaluated structures. Output vectors were scaled to the range of [0.1, 
0.9], whilst the input vectors (sensors responses) were left in physical range (0 to 
12V). Learning strategy was based on BP algorithm again, with uniform noise 
and random schedule of patterns presentation. Additional mechanism was im- 
plemented for tracking of the training process. Periodic memorising of the best 
actually reached result provided comfortable way of long-term network evalua- 
tion with significant reduction of overtraining danger. 

The learning ratio was initially set to 0.1 and then decreased to 0.001. Strong 
momentum ratio (0.8) was applied. Evaluation of the network took 7.8 million 
iterations. Such a long time was found as a kind of optimum by the mentioned 
tracking procedure, although there were also smaller structures of not much 
worse quality obtained after e.g. 200 thousand iterations. 

The test results of the best solution reached are presented in Figures 6 and 
7. Horizontal axes denote real concentrations of each compound in the mixture, 
while vertical axes stand for the responses of each output unit of the neural net- 
work (responses are scaled again to physical range). The neural network provides 
responses with inaccuracy lower than 14% of range for toluene output (average 
2.3%) and lower than 7.6% for butanol output (average 1.5%). 




Fig. 6. Butanol dedicated output responses for butanol and toluene mixtures 



These parameters relate to each output for all assumed concentrations of the 
other ( “noisy” ) component and all tested levels of humidity. 
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Fig. 7. Toluene dedicated output responses for butanol and toluene mixtures 



3.3 Neural Networks Implementation 



Considering ofF-computer implementation of the neural networks, additional soft- 
ware was created, providing automatic generation of appropriate function code 
in standard C language. The neural network for methane/carbon monoxide mix- 
tures analysis was successfully implemented in Intel 8051 compatible microcon- 
troller [11]. 

Experiments on similar tool based on VHDL language were also performed, 
aiming in ASIC realisation of neural networks for the purposes of microsystem 
technology. 



4 Conclusions 



Two sensor systems for quantitative analysis of gas mixtures were presented. 
Reasonable accuracy of responses make them potential replacement of tradi- 
tional devices, usually providing better quality but extremely expensive and 
troublesome in ofF-laboratory operation. 

It was shown that tin oxide based semiconductor gas sensors may be succes- 
sfully applied for the tasks which are far beyond the vendors expects, however 
somewhat sophisticated methods of data processing seem to be necessary. On the 
other hand, in such applications, poor selectivity of sensors reverses to significant 
advantage. 
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Abstract. The scenario treated in this paper concerns the discrete event control 
and supervision of two decoupled continuous systems. The theoretical 
framework is based on the hybrid control system architecture, developed by P.J. 
Antsaklis and his co-workers and on the supervised control concept, proposed 
by the Sylodi Group from Grenoble. The main contribution of this paper is an 
algorithm for building the discrete event approximation of a continuous system 
with unknown, constant and constrained parameters. The Antsaklis formalism 
is extended to a disturbed continuous first order system. 



1 Introduction 

This contribution proposes a scenario and a layered architecture for the supervision of 
two hybrid control systems (HCS) that can work independently without supervision. 
The motivation of this study is an introductory discussion concerning some problems 
arising in the modeling and design of complex systems, implying combined 
continuous and discrete approaches. 

The supervised control of discrete event systems (DBS) has been defined by the 
researchers of the Sylodi Group from the Automation Laboratory of Grenoble, as an 
extension of the Ramadge-Wonham supervisory theory of DES [1], [2]. In fig.l, the 
events from are generated by the process and the events from are generated by 
the logic controller. The controller forces some events in the process to occur, while 
the supervisor prevents some events from to occur. The control and supervision 
tasks are separated. 

The HCS structure considered in this paper is a variant of the framework proposed 
by Antsaklis and his co-workers from the ISIS Group, and it comprises a continuous 
plant that is controlled, through an interface, by a DES (fig.2) [3]. The plant and the 
interface are first abstracted to a DES, called the DES-plant. Then the controller is 
built as a Moore machine, by adapting the techniques from the Ramadge-Wonham 
DES control theory [4], [5]. 

The example presented below combines these two approaches. The plant 
comprises the undisturbed levels dynamics in a two tanks system and the disturbed 
temperature dynamics in the first tank. The intuitive description of the plant is 
presented in section 2. The HCS for the levels and temperature are developed in 

F. Pichler, R. Moreno-Diaz, and P. Kopacek (Eds.): EUROCAST’99, LNCS 1798, pp. 573-587, 2000. 

© Springer-Verlag Belin Eleidelberg 2000 
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sections 3 and 4 respectively. In section 5, the supervisor will solve an additional 
logical restriction, imposed to the modular extended hybrid process represented by the 



two HCS. 



r® 

(authorised 
event list) 




(generated and 

authorised 

event) 



Fig. 1. The supervised control of a DES [1] 




DES-PLANT 



Fig. 2. The architecture of a HCS [3] 



2 The Continuous Plant - An Intuitive Description 

The plant is represented by a two tanks fdling process and an additional first order 
system, describing the evolution law of a property of the liquid in the first tank, for 
example the temperature (fig.3). The plant is equipped with level and temperature 
threshold sensors, u^ and are the control signals (1 = on, 0 = off) for the valves VI 
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and V2. V3 remains open. Mjis the control signal for the temperature actuator TE and 
it can switch between the values -D, 0 or D, with D > 0 a given value. The continuous 
filling process and the temperature evolution are independent. 



u, (0/1) 




Fig. 3. The plant equipped with threshold sensors 



3 The Unsupervised Discrete Event Control of the Levels 

The HCS associated to the levels dynamics has the structure depicted in fig. 2. The 
generator, the DES-plant model and the controller have to be synthesized, starting 
from a primal control objective. 



3.1 The State Equations of the Levels Dynamics 

In fig. 3, Xj and are the liquid levels in tank 1 and 2 respectively and Q^, Q^, are 
the flows. Denote |R the set of real numbers. The levels dynamics is described by the 
differential system 

X = f(x,u), v/ith fix, u) ^ [-ax^u^ + bu^ ax^u^-cxj^, (1) 

where x = [Xj x^J^e |R^ is the state vector, u = [Mj jR^ is the control vector, a, 

b, c e |R are parameters, = bu^, = ax^u^ and = cx^. 

The parameters a, b, c together with the threshold limits L^, Hj and (fig.3) 
satisfy the restriction 

{Res ) : a = c > 0, 0 < Lj = < Hj = H^, aLj < b < aHj. 



( 2 ) 
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3.2 The Actuator 

The control vector u takes values in the set {/j = {[1 0]^, [0 1]^, [0 0]^, [1 1]^}. 
Consider the alphabet of control symbols 

R, = {r^,r^,ryr,}. (3) 

The actuator implements the function y^■. defined by 

Of, x('- 2 ) = [0 If, XW = [0 of, XW = [1 If. (4) 

Denote A: e |N = {0, 1, 2, ...} the logical time variable. A sequence of control 
symbols = r(0),r(l),...,r(^), ..., r{k) £ R^, Vk £ |N, generates a piecewise constant 
control signal 

h(0 = [Mi(0 = X 

teD 

where tjji) £ |R is the moment when r(k) is received from the DBS controller, t^{k) < 
tJJc+\), \/k £ |N and I : |R x |R x |R — > {0, 1} is a characteristic function defined by 
I(t,t^,t^) = 1, if tj < t < and I{t,t^,t^ = 1 if else. 



3.3 The Generator 

The primal control ohjective. The primal control objective of the levels dynamics is 
to drive the state vector x = [x^ by means of a control signal «(.) (5), in order to 

satisfy the string of restrictions c(0),c(l),c(2), Vx(0)e c( 0), where c(0), c(l) and 

c(2) are open regions in |R^ defined as follows: 

c(0) : 0 <Xj <Lj, 0 <^2 <L 2 ; c(l) : Lj <Xj <Hj, 0 <^2 <L 2 ; 

c(2):Lj<Xj<Hj, L2<X2<H2. ^ 

The state space partition. Based on (6), consider the smooth functionals A, : |R^ — >|R, 



/ = 1, 2, 3, 4, defined as follows: 

hjx) = X, - Lj, hfx) = -Xj + Hj, hfx) ^x^- hfx) = -Xj + Hj. (7) 

Denote {A,, : |R^ — > |R | i = 1, 2, 3, 4}. Mh, £ A,, separates |R^ into two open 

halfspaces and Ker{h) = {x £ |R^ | hjx) = 0} (fig. 4) is a nonsingular hypersurface. The 
gradients of the hypersurfaces are constant, so they don’t depend on the currentx : 

grad(Aj) = [l 0]"', grad(A 2 ) = [-l 0]"', gradCA,) = [0 1]"', grad(/!,) = [0 -1]'’. (8) 

Define sgn : |R — > |R, sgn(j) = -1, ify < 0, sgn(y) = 0, ify = 0 and sgn(j) = 1, if 
y > 0. The quality function ^ : |R^ — > {-1, 0, 1 is defined by 

b{x) = [sgn(A,(x)) sgn(hfx)) sgn(hfx)) sgn(hfx))]. (9) 



The value b(x) is consistent if and only if sgn(/i_(x)) ^ 0, and inconsistent if 

else [5]. Consider |R^\B’r, with Fr = Uti Ker(A, ) . 
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Ker(/!,) Ker(/,J 



H2 

H2+ 

L2+ 

L2 




L, H, 



KerW 



Ker(/,,) 



Xj 



LI L1+ H1+ HI 



Fig. 4. The state space partition of the fdling process in fig.3 and the associated plant symbols 



Table 1. The significance of the discrete states of the levels DES-plant model 



The 






The cellular space 


The set of consistent 


alphabet 

P. 






C-DX,,, 


quality values B 


Pi 


Cj = {x £ 


|R'I 


h^(x) < 0, hfx) > 0, hj^ix) < 0, hfx) > 0} 


b, = [-l +1 -1 +1] 


Pi 


C, = {x E 




h^x) > 0, hfx) > 0, h,(x) < 0, hfx) > 0} 


Z», = [+l +1 -1 + 1 ] 


Pi 


C3 = {X E 


R" 


h^{x) > 0, hfx) < 0, h^{x) < 0, hfx) > 0} 


Z»3 = [+l -1 -1 +1] 


P 4 


C4 = {X £ 


R' 


h^{x) < 0, hfx) > 0, h^{x) > 0, hfx) > 0} 


Z»4=[-l+l+l+l] 


Ps 


C5 = {X E 


R' 


h^(x) > 0, hfx) > 0, hj(x) > 0, hfx) > 0} 


65= [+1 +1 +1 +1] 


P 6 


C, = {X E 


R' 


/tj(x) > 0, hfx) < 0, h^{x) > 0, hfx) > 0} 


Z», = [+l-l+l+l] 


Pi 


C, = {X E 


|R'I 


/ij(x) < 0, hfx) > 0, h^{x) > 0, hfx) < 0} 


Z», = [-l +1 +1 -1] 


Pi 


C, = {X E 


R' 


h^(x) > 0, hfx) > 0, hj(x) > 0, hfx) < 0} 


Z», = [+l+l+l-l] 


P, 


C, = {X E 


R' 


h,(x) > 0, /i,(x) < 0, /t,(x) > 0, hfx) < 0} 


Z», = [+l-l+l-l] 



The equivalence relation induced by 5/ is Rel a DX X DX, defined by 

[x^ xj^ e Rel O hlxjh^ix,) > 0, V/i, £ 5/. (10) 

The cellular space or the state space partition = C is the set of all classes of 
equivalence of the relation Rel. Define Q = card(Q = 9 and 1^= {1, 2, 9}. The 

alphabet of discrete states of the DES-plant is a set of Q distinct indexed symbols (see 
fig. 4 and Table 1) 

Pj = {;?,, (11) 

The map et : C — > Pj, et(c^) = , Vq e Ig is the label functionof C. Vc^ e C, b(x) 

is constant and consistent, Vx £ c^. Denote b(x) ^ [b^' b^^ b^''], Vx e e C 

and define B = {b^, b^} the set of all consistent quality values (Table 1). The 

bijective maps ech : C ^B, ech(c^) = b^, \/q e f and etg \ B -^P, etfb^ ^p^, \/q e f 
have the property et^ 0 ech = et [5], 
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The discrete states p^, e are adjacent if 3A, £ 5/ s.t. the vectors 
and = etg(p) satisfy the relations b^b' = -1 and b^b^^ = 1, Vy ^ i,j £ {1,2, 3, 4}[3], 
The open adjacency frontier is A{hpp^,pj) = (x £ |R^ | sgn(/zXx)) = 0 and sgn(A^(x)) = 
b!,, Vy i,j e { 1, 2, 3, 4} } = A{k,p^,p) c KsxQij [5]. 

The speed of the state vector of the system (1) can have four distinct expressions: 

f(x)=f(X,Yjrf)^[h -cxj’’; ffx) =ffi,Yjrf)^[-ax, ax^-cxj^ .j2) 

fM)=Ax,Yir,)) = [0 -cxj^ /,(x)=/x,x(r 4 )) = [-axj+b ax,-cxj^. 



Property 1. V/?^, p^ £ that are adjacent on Ker(/?,), h, £ S* and Vr^ £ R^, the 
following relation is satisfied: sgnifjlxj.gx&dfhf) = const., Vx £ A{h.,p^,p). 

The above property can be directly tested and it holds because Res (2) is satisfied. 

Property 2 [4]. V p^, p^ £ P^, if p^ and p^ are adjacent on Ker(/i,), A. £ 5/, then p^ is the 
only discrete state that is adjacent on Ker(/ij) to p^. 





a) ^ b) 

Fig. 5. Examples : a) the plant event (1+) occurs ify^^lxjf grad(Aj) > 0, with x e Ker(Aj); b) the 
discrete state transition is observed as the occurrence of the plant symbol Zj^= L1+ 

Plant events and plant symbols. Consider a functional A, : |R^ — > |R, /?, £ 5/ and x(.) 
a continuous evolution of the plant model (1). 

According to [3], the plant-event (/+) ( or (;-)) occurs at t^ £ |R if the following 
conditions are satisfied: a) hjx(Q) = 0 ; b) 3dj > 0 s.t. for all e, 0 < e < dj, hjx(t+^)) > 
0 (respectively hjx(t+^)) < 0)) ; c) 3(1^ > 0 s.t. for all e, 0 < e < d^, h.(x(t-d^)) < 0 and 
hjxf-^) < 0 (respectively hjx{t-df) > 0 and hjx(t-^) > 0). Eight distinct plant 
events can be defined with respect to the functionals from S^. Denote the set of plant 
events {(!+), (1-), (2+), (2-), (3+), (3-), (4+), (4-)}. The associated plant symbols 
Z44 = L1+, z, = LI, z ,4 = H1+, z,. = HI, Z34 = L2+, z,. = L2, z^, = H2+, z^. = H2 (fig.4) 
form the alphabet 

-^1 {-^1+? ^1-5 -^2+5 ^ 2 -’ ^ 3 +’ -^ 3 -’ ^ 4+5 ^ 4 -} 

S.t V/ £ (1,2, 3, 4}, Zj4 labels uniquely (/+) £ and z,,. labels uniquely (/-) £ E^. 



( 13 ) 
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Hypothesis 1. £ S* and Vx(.) a continuous trajectory of the plant (1), if £ |R 

s.t. \ {x(t ^ )) = 0 and = 0 , then is a local extremum of h^xQ) and x(.) does 

dt 

not cross Ker(/;,) at t^. 

Proposition 1 [5]. Consider £ S* and assume that hypothesis 1 is true. The state 
trajectory x(.) o/(l), controlled by «(.) (5), can produce at t^ £ |R the plant event : 

A) (/+) o (al) h(x(t )) = 0 and > 0 

dt 

O (a2) ^ £ Ker(/t,) and r^ £ s.t. x{tj) = x, u(t) = yjrj, Vt £ (tj, t*) 
andfj(x).grad(h) >0 or 

B) a-) o (bl) h(x{tj}) = 0 and < 0 

df 

O (b2) 3x £ Ker(/!j) and r^ £ R^ s.t. x(tj) = ^ u(t) = Vt £ {tj, t*) 
andfj(x).grad(h) < 0, 

where fjx) =flx(tj,u(tj)) is the speed of the continuous state o/(l) at t^ (fig.5(a)). 

Proof (of proposition 1). a) Only the basic ideas of the proof are presented. Consider 
x(.) a continuous-time evolution of (1), controlled by a signal «(.) (5) and t^ £ |R s.t. 
u(t) = y(rj, Vt £ (f, t*) ), i.e. «(.) does not switch at (. Consequently, the function 
(h,ox)(.) = hjx{.)) is smooth on {tj, t*) and Vt £ {tj, t*), the following relation holds: 

= (-«(0)^grad(/!,) = /’■(x(0,«(0)-grad(/!,) . (14) 

d? y=i uXj d? 

Hence (al) O (a2). (al) ^ (/+), according to the general definition of a plant event. 
(/+) => (al) because hypothesis 1 holds, which means that if (;+) occurs, then (al) is 

satisfied. If /i (x(0) = 0 and ^‘('^(^«(( = q then (/+) cannot occur because, in 

dt 

hypothesis 1, x(.) does not cross Ker(/i.) and it returns to the halfspace Hi = {x £ |R^ | 
hfx) < 0}. 

b) The proof is similar. n 

Hypothesis 2. The plant events do not occur simultaneously. 

Consider Fr = IJti Ker(/i,. ) and define the set of all intersection points of the 
hypersurfaces of S*, Int = {x £ Fr | 3/i., hj £ 5/, h. h., s.t. x £ K£v{h) fl Ker(/i^)}. 

In hypothesis 2, the generator implements the function gev : Fr \ Int — > Zj, defined 
s.t. gev{x(t)) = z.^ (or z,.) if (/+) (or (/-), respectively) occurs at t £ |R. 

A sequence of plant events is denoted = e(l),e(2),. . .,e(^), . . . with e(k) £ E^, \/k 
£ |N, A: ^ 0, and tjk) £ |R the moment when e(k) occurs, s.t. tjk) < tjk+\), \/k £ |N, k 
0. ((0)^0 is the moment when the external event “initialization” occurs. 

produces a sequence of plant symbols = z(l),z(2),...,z(^), ... s.t. z(k) = 
gev{x(tjk)) s Z^,\/k s |N \ {0}. 
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3.4 The DES-Plant Automaton and the DES Controller G^j 

In this section, the DES-plant model G^j is built first, without integrating the 
differential system (1). The DES controller for the levels dynamics is synthesized 
next, based on G^j. 




a) c) 

Fig. 6. a) The DES-plant automaton associated to the levels dynamic in fig.3; b) the DES model 
cz G^j with the desired evolution ; c) the DES controller of the levels dynamics 

The DES-plant model associated to the state equations (1) is a nondeterministic 
automaton G^j = {Pj, Z^, g-^J, where (10) is the set of discrete states, (3) is 
the input alphabet of control symbols, Zj (13) is the output alphabet of plant symbols, 
: Pj X 2’’' is the state transition function and x Pj— > Zj is the output 

function. The dynamic equations are 

Pik+'l) e f^,{p{k),r(k)), g,,(p{k),p{k+^)) = z{k+\), (15) 

where p{k) £ P^, z{k+l) £ Zj, r{k) £ R^ and p{k) ^p{k+\), \/k £ |N [5], 

Consider an evolution of G^^, ^ p{Q),p{\),...,p{k), ..., with p{k) £ P^, \/k £ |N, 

and tJJi+\) £ |R the moment when the transition p{k) — > p{k+\) occurs, observed as 
z(k+\) £ Z (fig. 5(b)). G is in p{k+\) if limx(t (A:+l)+^ £ ef'(p{k+\)), with 

x{tj(k+l)) £ Ker(/i.) and £ S* defining the adjacency frontier between p{k) and 
p{k+l). is controlled by a sequence of control symbols iv^j = r(0),r(l),...,r(^), ..., 
r{k) £ R^, \/k £ |N, and is observed as a sequence of plant symbols w^, = 
z(l),z(2),...,z(k-l-l), ..., z{k+\) £ Zj, \/k £ |N. It is assumed that tjf) = tjk), \/k £ |N. 

Continuous masked evolutions in G^j. Assume that p^ £ fjp^,rj, with p^, p^ £ P^, r^ 
£ and also that 3x„ £ = st'(p^) with the property F^(x„,t) £ c^, Vt > t„, where 

is the moment when r^ has occurred and F^(x„,t) = x„ -I- f {x{T),yfrfj)AT . Then the 
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trajectory x(.) = F^(x„,.) of (1) is called a continuous masked evolution associated to 
the pair (p^, rj [5], The presence or absence of continuous masked evolutions in 
can be analyzed only by inspecting the phase portraits of the system (1), with the 
control vector value u = Yi{rJ, for each £ R^, respectively. 

Building the DES-plant automaton G^j. The purpose of this section is to build G^j 
without integrating the state equations (1). Assume that the following hypothesis is 
true. 

Hypothesis 3. kjp^ e and Vr^ £ R^, there are no masked evolutions associated to the 
pair {p,, rj. 



Criterion 1 [5]. Assume that hypotheses 1, 2 and 3 are true. Consider p^, p^ £ and 
^ Ry 

A) p, G fpi(p,,rj in G^j if and only if 

(al) 3h, £ S*s.t. p^ and p^ are adjacent on Ker(/;.) and 
(a2) b‘.(ffix).gr^A{hf) < 0, Vx £ A{h„p^,p) c Ker(/!,.), 
where b' is the i component of the quality value = ech(pj and fj.)is the speed of 
the continuous state associated to r^ according to (12). 

B) Assume that p^ £ ffp^,rf). Then 

(bl) gpi(p,,P) = e -^1 if and only ifb^ = -1, or 
(b2) gpi(P,’P) ^ z.- ^ if and only ifb‘ = 1. 

The proof follows directly from proposition 1 and from property 1 and is given in 
[5]. The algorithm for the extraction of G^^ (fig. 6(a)) is based on criterion 1 and is 
presented in the Appendix. Note that G^j is observable [3], [5]. 

The DES controller. G^, is a deterministic Moore machine that evolves according to 
the received plant symbols and sends the adequate control symbols to G^j [3], [4], [5]. 

The primal control objective (6), presented in subsection 3.3, is modeled by the 
subautomaton cz G^j, with the desired evolution = p(0),p(l),p(2) = ppjJ^ 
(fig.6.(b)). w^f is controllable [4], [5], because there is a sequence of control symbols 
^ K0),r(l) = ry, s.t. i)f,{p„r{0)) = {p^}, ii)^,(p„r(l)) = {pj and m)ffp^,r(\)) is 
not defined, i.e. there is no spontaneous undesired transition from p^ when r(l) = is 
active. 

The levels DES control problem is to design the DES controller G^j (that produces 
w^°) s.t. Gpj, coupled from p(f)) = p^ to G^j, evolves like This is a desired states 
and transitions problem, with the solution G^j depicted in fig.6(c). 



4 The Unsupervised Discrete Event Control of the Temperature 

The HCS associated to the temperature dynamics comprises a disturbed continuous 
plant that is controlled, through an interface, by a DES. The plant coupled to the 
interface will be modeled as a disturbed DES-plant and the DES controller is a Moore 
machine. 
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The temperature dynamics is described by the differential equation 

= -Xj +Tj, +«3 +(i , 

where e |R is the state, Tj, > 0 is the desired medium temperature, e |R is the 

control and J is a scalar disturbance that takes values within any of the mutual 
exclusive ranges listed in Table 2. Each Boolean variable in Table 2 takes the value 1 
(TRUE) if and only if d resides within the corresponding range. 0^ = I (TRUE) if and 
only if (16) is not disturbed. Denote Dist = {d^, d^, d^, d^, OJ the set of all Boolean 
variables associated to d. 



Table 2. The logical modeling of the temperature disturbance 



The possible ranges of the disturbance d 


The associated Boolean variables 


(J) 


0<r/<D 


d, 


(2) 


-D<r/<0 


d^ 


(3) 


D<d<2D 


4 


(4) 


-2D < d <-D 


4 


(5) 


d = 0 


0. 
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a) 





i.E {(4,^2'), (r^oA), (r^-A), (r^oAl, 

(r^-A), (r^M, (r^oA)} c t ?2 x Dist 
he {(d+A), (r^oA), (r^+A)} c t ?2 x Dist 

i3E {(4,4), (4,^2'), {r^-A), (AA), (AAT (4,^f), 
(4,rff), (doA), (4,rfi), (doA), (r^-A)} ^RiXDist 

he {{doAl, (r^-A ), (/'-A')} c t ?2 x Dist 



control- 

symbols 



conditional 

inputs in Gp 2 I j 




c) 



b) 



Fig. 7. a) The significance of the alphabets 4 (1^) and (20); b) the disturbed DES-plant 
associated to the temperature dynamics; c) example: (r^,0J, (r„,dj e R^x Dist are conditional 
inputs in 
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The primal control objective of the temperature dynamics is to drive the continuous 
variable x, within the interval (TMIN,TMAX), and to maintain it there in the presence 
of the external disturbance d, where TMIN = - D > 0 and TMAX = Tj, + D. 

= {-D, 0, D} is the set of control values. The alphabet of control symbols is 

R,= {r\,r\,r\}. (17) 

The actuator implements the function U^, with the values 

rff) = -D,rfr\) = o,rfr\) = i^. (is) 

The smooth functionals h^, h^ \ |R — > |R, hfxj) = Vj - TMIN, hjxj) = -Vj + TMAX, 

are chosen starting from the primal control objective. The alphabet of discrete states 

Pi= {p\,p\,p\} (19) 

and the alphabet of plant symbols 

z, = {t„,t;,t;} (20) 

have the significances respectively described in fig.7(a). 

The disturbed DES-plant model associated to the temperature evolution (16) is the 
automaton 0“^^ = {P^, x Dist,f^, Z^, with 7^2 • ^2 ^ (Ri ^ ^2 ^1^1® 

transition function, x P^-^ the output function and the initial state. A 

control symbol r^ £ R^ occurs when a Boolean variable e Dist is or becomes 
TRUE, i.e. d.^ 1, so receives a conditional input (r^,<7) ^ R 2 xDist (fig. 7(b), (c)). 

The temperature DES control problem is to find a Moore machine S-t. 
coupled from the goal state (that corresponds to (TMIN, TMAX) in fig. 7(a)) 
returns to p^^, whenever G^^. leaves /?\, due to the external disturbance d. The solution 
(fig. 8(a)) is synthesized intuitively, based on G^^- 




a) b) 



Fig. 8. a) The unsupervised DES controller of the temperature x,; b) the supervised DES 
controller of the temperature x,, included in the layered architecture depicted in fig. 9. 
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5 The Supervision Architecture 

The supervision objective is to prohibit the switching of to the values D or -D, no 
matter the temperature evolution, until the level Xj in tank 1 reaches the extra limit LS, 
with Lj < LS < Hj. This imposes an additional level sensor (LS) (fig.3). The outputs 
of the sensor (LS) are the symbols LS+ and LS-, which are sent at a moment f e |R if 

and only if xjt) = LS and xi (t) >0 or if xjt) = LS and xi (t)<0 , respectively. Define 

Z = {LS-,LS+}. (21) 

The supervisor can potentially observe the occurrence of the symbols Z = U Z_.^, 
where 2^, = and Z^^ = RjURj- The symbols from Z^^ are potentially 

controllable [1]. The control symbols that have to be prevented to occur when LS- is 
observed in the plant are Z_. = {r , cz Z_.^. 




Fig. 9. The layered architecture for the supervision of the two HCS for the levels and 
temperature dynamics respectively. 
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b) sup = 0.5(sgn(Xj - LS)+1) 



Fig. 10. Simulation result of the controlled and supervised continuous plant depicted in fig. 13, 
with: L, = L, = 8, Hj = H, = 12, LS = 8.4, TMIN = 28, TMAX = 32, a = c = 1, b = 8.5, T„= 30, 
d{t) = -2-sin(t). MATLAB integration routine: ODE45, with tol = 0.0001 

The supervisor is synthesized intuitively, as a Moore machine that produces the 
logical variable sup (fig. 9 and fig. 10): sup = 0 if Xj < LS and sup = 1 if Xj > LS. The 
supervised temperature DBS controller G^^Asup (fig. 8(b)) produces conditional 
outputs: the control symbols from are prevented to occur if sup = 0 and are 
permitted if else. The levels DBS controller G^j (fig. 6(c), fig. 9) is not influenced by 
sup. 
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6 Conclusions 

In the proposed scenario, each DBS controller is first synthesized as a solution of a 
distinct DBS control problem. The main original contribution of this paper is the 
algorithm presented in the Appendix, for building the levels DBS-plant, without 
integrating the state equations (1) and assuming that hypotheses 1, 2 and 3 are 
(generically) true. In section 4, the Antsaklis HCS formalism was adapted in order to 
treat also disturbed plants. The supervised control concept was intuitively extended to 
a group of two independent HCS (fig.9). A general approach of these two design 
problems is still open. Bach continuous system in fig.9 perceives the supervised 
control part as a switching control law [4], [5], which permits the numerical 
simulation of the continuous evolution in MATBAB (fig. 10). 
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Appendix : Algorithm for Building the Levels DES-Plant Model 

Input', a) h. (7) and grad(/t,) (8), i = 1,4; b) (1 1) and B (Table 1); c) (3) and/„(x) = 
Ax,r,{rJ), m = 1,4 (12); d) Z, (13). Output :P,xR, g^, :P,xP,^Z, 

begin 

1 . Build the adjacency matrix^ associated to Pj, AD = (ZP>(/t.,,/?,))i according to: 
Rule 1: for each p^p^ e P^, with = ech(p^), = ech(p) do 

if 3i e {1, 2, 3, 4} s.t. b^b' = -1 and b^ = h/, V/' ^i,j e {1, 2, 3, 4} 
then AD(p^,p) : = ’’A/’ 
else AD(p^,p) -.= 

2 . for i := 1 to 4 do 

build the frontier matrix H. = (H.(p^,rJ)^ 5, , according to: 

Rule 2: for each p^ e P^ and e R^ do 



' In this example, the matrix AD can be built directly from fig.4. For example, AD(p^,pj = “hf. 
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if 3/7^ £ Pj s.t. AD(p^,p) = 
then begin 

S = sgn(b^' .(fj(x).grad(h)), Vx e A{h.,p^,p) % see properties 1 , 2 
if 5 =-l 

then Hfj} ,rj : = ” 1 ” % Ker(/!,) is input frontier for (p , rj 
else if 1 

then Hf^p^,r^ : = ”E” % Ker(/!,) is exit frontier for (p^, rJ 
else H^{p^,rJ : = 0 % Ker(A,) is not an exit or input 

% frontier for (p^, rJ 

end 

else ~ % p^ has no frontiers on Ker(A.) 

3_ for^ :=1 to8 do % building the state transition function^j : Pj X 2 '”‘ 
for 5 : = <7+1 to 9 do 

if 3 / e { 1 , 2 , 3 , 4 } s.t. AD(p^,p) = 
then for m := 1 to 4 do 
if/^07 ,,rJ^”-“ 
then i f = ”E“ 

thenp^ and p^if^^(p^,rj % p^^p, 

else/>^ e40,,rj and p^ i f^^ip^pj % P,~^P, 
elseft and p^if^,(p,pj 

e 1 s e Vr„ e Pj, g f^^ip^pj and p^ g fp^ip^rj % P, and 77, are not adjacent 
4_ for 9:= 1 to8do % building the output function : Pj X Pj — > Zj 
for 5 : = q-t -2 to 9 do 

if 3 r„ e s.t.77^ and AD(p^,p) = ”/j” 

then if b' ^ -I 

then g^^(p^,pj : = -2,+ % (1+) has occurred when —^77^ 

else g^jp^pj : = Zi_ % (1-) has occurred when 77^ —>77^ 
else gpi(p^,p) is not defined 

end 
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Fig. 11 . The frontier matrices built at step 2 . For example, H^ip^p^ = “E” means that the cell Cj 
associated to 77, has a frontier on Ker(/ij) and, if the control J'(rj) is applied to the system ( 1 ) 
with x„ e Cj, then the continuous trajectory x(.) will leave Cj by crossing Ker(/ij) and will pass 
into a next adjacent cell. H^(p^pJ = “I” means that if the control y^(rj is applied to the system 
(1) with x„ on the frontier of Cj which is common with Ker(Aj)> then x(.) will enter the cell Cj. 
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1 Introduction 

One of the most important fields of research in computer science is the investigation 
of intelligent agents for the web which should search in the net for informations. 
Usually these agents are cooperating and form a working group of “multi agents“. 
But these groups or different agents can also stay in competition to each other. In 
both cases we have to model the behavior of the agents; i. e. to program a set of rules 
(consisting of preconditions and actions) which tells every agent what he has to do. 

The present rapid development of the web (and other networks and information 
systems) gives us the need to develop proper methods of modeling the intelligent 
agents. Sometimes these methods already exist more or less in principle, even when 
they are not yet in the final applicable form. An example for such a preliminary 
method is the design of automatic players for games. A lot of research has been done 
on this field, and the experiences and insights gained from this research can partially 
be used for the modelling of agents. 

The following report presents an overview on different concepts and methods to 
program automatic players for games. The main focus in this presentation is on the 
methods developed by the author during his research and teaching on this field at the 
University Vienna. 



2 Search Methods for Computer Chess 

Norbert Wiener wrote in his famous book Cybernetics (first edition 1948) after the 
main chapters 1 to 8 an appendix about a chess playing machine. He quoted there the 
article ’’Theorie der Gesellschafts-Spiele” (i.e. theory of games) of Johann von 
Neumann. In this article von Neumann developed for the first time his theory of 
finite games with the main theorem: ’’Every finite game has an optimal strategy.” 
Later Oskar Morgenstem applied the von Neumann theory of games to economics 
and together they published the famous book ’’Game Theory and Economic 
Behavior” (cf Neumann & Morgenstem). In the theory of games developed by von 
Neumann we distinguish between games in extensional form and games in normal 
form. For our investigation here we consider only the games in extensional form. 

F. Pichler, R. Moreno-Diaz, and P. Kopacek (Eds.): EUROCAST’99, LNCS 1798, pp. 588-600, 2000. 

© Springer-Verlag Belin Heidelberg 2000 
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Extensional games are mainly 2-person games. Key words for these games are: 
Game tree, Mini-Max, Full information, etc. We are interested here in programming 
"Optimal players". 

By the theorem of von Neumann, they can be constructed with mini-max 
methods. In practise this, however, is only possible for small games, e.g: for the 
endgames of chess. (To allow more than 6 pieces is not possible for chess, because 
of the combinatorial explosion.) For the construction of the optimal strategy, the 
nodes must be asigned to real optimal values. Therefore we need first a computation 
of the optimal values. The reader interested in this further should consult the author 's 
"Calculus of Winning" and Ken Thompson’s "Retrograde Analysis of Certain 
Endgames". 

Since optimal players are not feasable for large games like chess, the socalled 
"Heuristic Players" have been developed. 1948 Norbert Wiener was the first one who 
recognized that, and he designed an heuristic player for chess. After him, Claude 
Shannon made a first classification of searching algorithms into the following 3 
types: 

Type A (already Wiener’s suggestion): 

(1) Look ahead n plys (= half moves, or moves of only 1 player) 

(2) Estimate the value for every node: evaluS (suggested too by Wiener) 

(3) Compute the value back to the predecessor node by mini-max (or similar 
methods)! 

Improvements of Type A: 

(4) The great danger of type A is the ’’horizon effect”: this algorithm cannot see 
a check mate in n-i-1 plys! 

(5) Better dynamic search: like minimax, but alpha-beta search. A short 
explanation is in the book of Nilsson, or of Knuth & Moore. Alpha-Beta 
allows also foward pruning with cut-offs, i.e. without throwing away the 
best move. 

Type B (suggested by Shannon): 

(1) Forward pruning: ordering and selection of moves by the value of the 
nodes. 

(2) Throw away the stupid moves! Search only from nodes with a good value. 

(3) But it can happen that a Type B algorithm throws away also some good 
moves (when evaluS was not correct!) 

Conclusions for Type B: 

(4) Therefore this algorithm will not necessarily find the best solutions. 

(5) Type B was at the beginning of chess programming the only chance to 
realize it on weak computers (with only little computability-power.) Chess 
4.x switched to type A (as a pioneer at this time!) 

Type C (also suggested by Shannon): 

(1) Problem-oriented forward pruning: analysis of chess-oriented features of a 
position, selection of goals and moves leading to this goals. 
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(2) Modelling the human player: e.g. quiescence search (i.e. searching selective 
deeper, when it is necessary, because of the horizon effect). When you 
cannot evaluate the real value of a position by a static evaluation, you have 
to compute a dynamical value by searching. 

(3) Since 1980 those programs had been available for chess endgames. 

Chess is certainly the most important game for which automatic players have been 
developed. But there exists a number of other Computer Games than Chess: 

Hans Berliner’s Backgammon-Program BKG9.8 won 1981 against the world 
champion. Around 1985 Nicolas Findler developed programs for Bridge and Poker. 
About 1995 Ralph Gasser (from the ETH Zurich) showed by decompositional 
methods that 9-Men’ s-Morris is drawn, and Martin Muller developed an endgame- 
database for Go (by decomposition of endgames with methods of Sprague-Grundy 
theory and combinatorial game theory). 

3 Computer Games: Own Developments 

My work on computer games can be summarized in this way: My students and I 
programmed some automatic players based on heuristic strategies for the usual 
wellknown games, some optimal and semi-optimal players for the diminuative 
versions of these games, and other optimal players for small games. In particular I 
investigated the following commonly known games: Kalaha (6 and 4), De Bono’s L- 
game, Hexi (= an application of Ramsey Theory, click on 
http://www.dbai.tuwien.ac.at/proj/ramsay/ or /staff/slany ), Colour-Triangle (7, 5 
and 3), 9-Men-Morris (Draughts) in restricted form, 3 in a Row (with gravitation), 4 
in a Row (with gravitation), 5 in a Row (without gravitation), and others. 

Furthermore I invented some other games too and programmed automatic players for 
them. Let me mention the more important ones: 





















K 
























'-is 









Fig. 1. A starting position of Bear-Dog-Flunt 
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Bear-Dog-Hunt (BDH): 

BDH is played on a 5 x 5 board with 5 dogs and 2 bears. All these 7 pieces can move 
alternately in one of the 8 directions of a square (i.e. N, S, E, W and NE, NW, SE, 
SW). In the starting position the 5 dogs are positioned on the left side of the board in 
a zip-line; the 2 bears are on the right side. The starting directions are created 
randomly and marked with a star or an arrow. The dogs-player (who starts) can 
change the directions of 2 dogs. After that all 5 dogs move 1 field ahead 
simultaneously. On the boarders they are sent back like a billard ball plus 1 field 
more. The bears-player can change only the direction of 1 bear. After that both bears 
are moving ahead. If 2 dogs meet 1 bear: the bear is killed. If a bear meets only 1 
dog: the dog is killed. 2 dogs or 2 bears kill themselves! When there is only 1 dog 
left, the bears win. When there is no bear left, of course the dogs win. If there is only 
1 bear and 2 dogs left, after 10 moves the game is drawn. 

Several modifications of that game are possible. E.g: as videogame on a board 
with 10 X 20 squares (with black spots between). At the beginning 20 bears and 80 
dogs, move altematly every 3 seconds or 5 seconds resp. (the dogs). Players can 
change direction only in clockwise steps with the joystick. BDH will be soon 
available on my homepages. 

Poker-TicTacToe (PTTT): 

PTTT is a paper- and-pencil game similar to TicTacToe played on a 4 x 4 board, but 
with additional rules! The player who gets first 4 signs of his own in a row or a 
diagonal line will of course win. But this is not the regular case, because the game is 
drawn (as its value by optimal play) like TTT. Therefore the board will be filled with 
naughts and crosses in the regular play. After that you count the 3’s in a row of each 
player. The one who has more 3’s wins. If the number of the 3’s are equal, you must 
count the pairs that are not already part of a ”druH” (i.e. a 3). The player with more 
pairs wins. If the number of pairs is also equal, the game is drawn. (My student 
Marcus Wagner and I computed the full database of the values of the positions and 
programmed an optimal player.) 

Cyclop and CyclopeD: 

The simplest version of the game is played by moving 2 pieces A and B respectively 
(e. g. coins) one field ahead in horizontal or vertical direction, on a board with 2x3 
squares (Let's mark them 11, 12, 13, 21, 22, 23.) The starting position is A = 11 and 
B = 23. The player who first moves into a repetitional position (i.e. a position that 
occured already in the game before) looses! This diminuative version of the game is 
for the experienced player too simple. Therefore in the advanced version Cyclop-D 
diagonal moves are also allowed. 

Loss-Drawn-Win Marienbad-game: 

This is a special threefold Marienbad-game with 3 trees. Remember: The 
Marienbad-game is a NIM-game (constituted by 4 heaps of 1, 3, 5 and 7 sticks). 
Now we have to consider 3 Marienbad-games side by side with different winning 
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rules: If the last stick of this 3-fold Marienbad-game is taken from the left tree, the 
player who has to take it looses the whole game. If the last stick of the 3-fold game is 
taken from the middle tree, the whole game ends with drawn. Only if a player can 
take the last stick (of the whole 3 -fold Marienbad-game) from the right tree, he wins 
the whole game. (As a variation of these rules one can also design an unbalanced 
payoff-function where the game need not to be a zero-sum-game.) 




Fig. 2. Starting position of Kalaha 



Kalah4: 

This game is similar to Kalaha, which contains 6 holes for each player with 6 stones 
in each hole at the starting position, and 1 kalah-hole (See Figure 2. Kalaha will be 
described later.) Kalah4 has only 4 holes with 4 stones, and 1 (empty) kalah-hole (for 
both players at the beginning). My student Wolfgang Wiesbauer and I programmed 
an optimal player for Kalah4. With this diminuative player we could test and 
improve the evaluation function of Kalahb. Therefore also our heuristic player for 
Kalaha was unbeatable for a long time. 



4 Computer Games: Experiences 

In the following sections I want to discuss by the above mentioned games the work 
we did some years ago. Let's start with Kalaha! In the initial board configuration are 
6 stones in every hole. The two players alternately do empty an own hole and 
distribute the stones anti-clockwise (one by one) in the 12 holes and the own kalah 
(surpassing the opponents kalah). Depending on the position of the hole, where the 
last stone had been placed, we can distinguish 3 sorts of moves: (1) An Ordinary 
Move happens when the last stone is placed into a hole of the opponent or into a not- 
empty own hole (of course except the kalah which is not considered as a hole). (2) A 
Kalah Move is when the last stone falls into the (own) kalah. In this case the move is 
possibly not finished yet: the player can empty another (own) hole. (3) Robbery 
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Move: If the last stone falls into an empty own hole the player can rob the stones in 
the adjacent hole of the opponent and put them into his own kalah. 

The goal of the play is to collect (at least) 36 stones in the own Kalah. The player 
who succeeds, wins. But be careful: A player who does not have any stones in his 
holes, cannot move and looses even if his opponent does not have 36 stones yet. 
(Sometimes Kalaha is played with the additional condition that in this case the 

opponent is allowed to put his own stones into his Kalah-hole. Then the game can 

end drawn too!) There are also other slightly different rules of the game in use, e.g. 
that in the case of a Kalah Move the player has to empty another hole! (In this case 
the player can loose also, when he has already 36 stones.) 

Wiesbauer (1980) computed the whole database for the optimal values of the 
positions of Kalah4 (= the smaller version with only 4 holes per player and 4 stones 
in each hole and corresponding rules, e.g. collect 16 stones for a win!) With this 

database we could program an optimal player for Kalah4 and test heuristic 

evaluation functions. The insights (we won by this test) we used to tune and optimize 
the heuristic evaluation function of the large game. Therefore our automatic player 
was unbeatable in that time, where these games could only be played on large 
mainframe computers. 



••••• @@@@@ 

5 black stones 5 red stones 




OOOOO 

5 white stones 



Fig. 3. Empty Board of Colour-Triangle 5 

The next game I want to describe is Colour-Triangle. The normal version consists of 
a triangle with 7 circular dots at its 3 vertices/edges (including the comers). Parallel 
to each edge, 5 lines are drawn connecting the 2 corresponding dots at the other 2 
edges. At the intersection of every 3 lines, new dots are placed: 4 one at the T' 
parallel line after the bottom vertice/edge, 3 one at the next, etc. Therefore the board 
will be covered with 28 dots (=7 + 6 + 5 + 4 + 3 + 2+l). 

At each of these dots, a stone can be placed. At the beginning we have the empty 
board, and a pool of 28 stones; always 7 of one of the 4 colours (= white, black, red 
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and blue). 2 players alternately take a stone (no matter which colour) from the pool 
and place it on the board. If a player can set a stone this way, that it forms together 
with 2 other stones of the same colour on the board the comers of a regular (=60 
degrees) triangle, he wins! 




Fig. 4. A win for the player who put the last white stone onto the board 

The smaller version Colour-Triangle 5 has only a board with 15 dots/points 
(shown in Figure 3). Figure 4 shows an end position with a win for the player who 
put the last white stone onto the board. Flermann Kaindl and I solved this game and 
programmed an optimal player for it. (See Kaindl.) 




Fig. 5. Starting position and an end position of De Bono’s L-Game 

Another game which is an excellent example for our methods is De Bono's L- 
Game. It is played on a 4 x 4 grid, where the 2 L's (of the 2 players) and 2 neutral 
pieces are placed on the board. The starting position is shown in Figure 5. A move 
consists of 2 parts: first the player has to change the position of his L and second he 
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can change the position of 1 neutral piece (but he does not need to). The game ends if 
a player cannot move and looses therefore. (E.g. White in Figure 5.) 



\ 1 / \ 1 / \ 1 / \ 1 / \[/ \ 1 / \ 1 / 



2 1 stones red 
2 1 stones black 




1 2 3 4 5 6 7 



Stones are 
falling down 
by gravitation 



Fig. 6. The empty comb of 4-in-a-Row 

The game "4 in a row" is well known. A vertical board or (better to say:) a 
standing comb with 6 rows and 7 columns shall be filled alternately by each of the 2 
players with their own stones (black or red. See Figure 6.) The stones are always 
falling down to the bottom or onto the stone below in that column. This is producing 
a pattern of black and red dots that form sometimes also lines. If a line with 4 red 
stones can be formed (horizontal, vertical or diagonal), the red player wins. The 
same is valid for the black player. 



5 Computational Methods 

After the description of different games, I want to explain the methods by which they 
can be treated computationally. The most wellknown method to construct heuristic 
players is the Alpha-Beta-Search, explained in several textbooks about Artificial 
Intelligence. (E.g. consult Nielsson.) A static evaluation function computes heuristic 
values of the positions which are computed backward by a mini-max like dynamical 
search. The feasability of this methods depends of the branching factor: the average 
number of moves a player can perform from a position. Alpha-beta is very good for 
chess (branching factor = 45), bad for GO (BF = 400) or "4 in a Row" with 
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gravitation (BF = only 6, but horizon effect = 20 plys or more). Alpha-Beta search 
has also a theoretical disadvantage. Dana Nau could show the paradoxon: "The 
deeper you search, the worse the result!" (See Judea Pearl.) 

However, this paradoxon gives reason to chose different approaches than in 
classical AI. One of it is based on Sprague-Grundy Theory which is wellknown for 
solving NIM-games (similar to the Marienbad game.) The Sprague-Grundy Theory 
(=SGT) was created about 1935. It allows to compute (for a special class of games) 
natural numbers as absolute values of the positions of a given game (in contrary to 
the heuristic values, which are usual when we are constructing automatic players 
with the computer). 

The values of a special Sprague-Grundy function are defined at the start by the 
terminal positions concerning to the rules of the game (0 for win, 1 for loss), and 
after that for the non-terminal positions backward by computation: 

/(p): = min ( N \ {/(q) (e N) | : 3 move from p to q }). Here should be noted that 
Oe N. The set {/(p) = 0} forms the kernel K of all those positions from which the 
moving player can only loose (or has lost already in the terminal case). Games with 
drawn (and other) values und puzzles (=l-person games) and 3- or more-person 
games cannot be treated with SGT. 

Let me shortly note the following facts: 

"p Move q" means: some player moves from p to q. 

Then the following implications can be proven: 
p Move q & qe K => pg K. 
qe K & q Move r ^ rg K. 

(If rg Stop:) rg K =i> 3s: r Move s & se K. 

Furthermore: The SG-function makes the games decomposable into partial games, 
with 

/(G, + G,) = /(GJ + /(G,). Because: 

peK n Gj & qeK n G, ^ (p+q)eK n (G^ G,). 

A further development is the Combinatorial Game Theory. (See Berlecamp, Conway 
and Guy.) 



6 Calculus of Winning 

Based on this SGT, I developed the Calculus of Winning (=CW). See Schimanovich 
(1978, 1980, 1981, 1982) and DePauli-Schimanovich (1999, 2000). 

The Calculus of Winning is the counterpart (and an extension) of Sprague-Grundy 
theory. It is an axiom system in first order logic with a number of theorems that 
gives us an insight into the structure and the internal relations of the specific games. 
Its precise language allows also a finer typization of games (in the extended form, 
concerning to its essential properties) and a precise classification of positions (win, 
loss, drawn). Eventually the Calculus of Winning delivers simple algorithms to 
construct the optimal strategy for a computer as an automatical player. (E.g. for the 
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endgames of chess we get an algorithm that ignores all drawn or not yet classified 
positions, computing only the win or loss positions.) With these optimal players for 
small games you can tune the evaluation function of the heuristic players for large 
games. In this aspect the Calculus of Winning is more related to Computer Games 
and Artificial Intelligence than to the Theory of Games (which treats mainly games 
in normal form). 

The Calculus of Winning is a very sophisticated logical system, where one can 
derive a lot of theorems, like in other theories of predicate logic. This delivers a good 
insight into the structure of the game. Some games (the so called Drawn-Circle 
games or sometimes called “loopy games”), where a position can be moved to again 
and the game ends with drawn, can be treated with the CW excellently. It allows 
very simple algorithms for these games to construct the database of absolute values 
of the positions (ignoring all drawn and not yet classified positions!) This counts for 
the endgames of Chess, for De Bono's L-game, for 9-Men s-Morris or Bear-Dog- 
Hunt. 

The other important group of games are the so-called stratified and strict stratified 
games, like Kalaha, Colour-Triangle or 4-in-a-row. They do not allow a repetition of 
positions (or restrict them like in the case of Go.) For those games the CW delivers 
also good classification algorithms, but not so excellent ones as for the drawn-circle 
games. Also for the last group of games (the win-circle and the loss-circle games) 
some feasable algorithms can be established. But most games (e.g. like chess) are a 
mixture of different types. 

In addition to the common Artificial Intelligence methods, and to Sprague-Grundy 
Theory, Combinatorial Game Theory, and the Calculus of Winning, Ranan Banerji 
developed the "Homomorphism Method" for games: given the solution of a game 
(i.e. the absolute value classification of its positions), construct the solution of 
another game. We demonstrate this by the 9-penny game: You have 9 different coins 
with all numbers between 1 and 9 pennies. 2 players choose alternately 1 coin. The 
one who has first 3 coins that add up exactly to 15 pennies, wins. Solution: Play this 
game on a 3 x 3 magic square, because it is isomorphic to Tic-Tac-Toe. Also the 
game of race (from Newell and Simon) is homomorphic to Tic-Tac-Toe. 



7 Puzzles or 1-Person Games 

At the end I want to mention the puzzles (= 1 -person games) on which 1 worked with 
my students: Solitaire (in restricted form). Rock em up. Master Mind, Rubik's cube 
(2x2x2, 3x3x3, 4x4x4 and n x n x n). Tower of Hanoi. 

The Tower of Hanoi is usually used as an example for recursion in the textbooks. 
But it has a simple explicit moving function, that computes the next move of a given 
position without recursion. This moving function can be easily explained by the 
"thumb-rule strategy" for the Tower of Hanoi: At the begiiming of the game put the 
thumb (of your right hand) on the 2” stick in the middle, and then move the smallest 
disc (which is at the begin on the top of the other discs on the 1“ (= left) stick) to the 
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3'“* (= right) stick. After this always move the thumb clockwise (2”“’, 3'“*, 1"‘ stick, then 
start again with the 2”“*) and make the corresponding move with the disc. (Note: 
concerning to the rule that no larger disc can be put ahead of a smaller one, there is 
only one move possible!) After some clockwise moves of the thumb the pile will 
have been shifted from the left to the right side, and the puzzle is solved. In 
Buneman & Levi you can find this thumb-rule that I discovered independently too. 
(See also Cull & Ecklund.) 

Finaly, I shortly want to explain my method of "Relative Problem Solving" on the 
example of the Rubik's Cube. Some years ago puzzling was a mania under children 
and students and they knew how to solve the Cube (i.e. the 3 x 3 x 3 Cube.) With this 
knowledge of the solving procedures it is easy to solve the baby cube (=2x2x2). 
Some people can only solve the fool's cube (= 1 x 1 x 1) or the military cube (all 
sides are red). But the interesting question for us is: How to solve the 4 x 4 x 4 Cube 
with a minimum of new algorithms? 

When we treat that whole 4x4x4 Cube like the baby cube, it will lead to 
nothing. However we bring the 4 inner squares of each side to one unique colour first 
and then form such way a "super cube". This can be done with the knowledge of the 
baby cube. Therefore the only additional knowledge we need is an algorithm to 
assimilate the 2 inner neighbor-cubies of each edge of the 4x4x4 cube. (I.e. to give 
them the same colour side on side on both fronts.) This should work somehow 
without destroying the 6 super cubies. Now we see immediately that the 4x4x4 
cube can be treated as 3 x 3 x 3 cube, and can be solved with the minimal additional 
knowledge of the super-cubies algorithm. 

Following these lines Frwin Sulzgruber established a general theory to solve the n 
X n X n Cube! 



8 Conclusion 

The preceding explanations are of course only a snapshot of the large field of 
computer games, and of methods used there to program automatic players. With this 
article 1 wanted to guide young researchers only to the magic triangle of A.I., theory 
of games, and cybernetics. For the actual task of developing methods to support 
intelligent agents to navigate through the web and gain information, those results of 
the pioneer time of computer science can bring a lot of hints how to get insights, 
especially in respect to the goal how the design of agents should be handled properly. 
Systems analysis and modelling with mathematical and logical tools (like it has been 
done for games with the Sprague-Grundy theory or the Calculus of Winning) can 
successfully be applied to intelligent agents too! 
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